Per GDPR Article 28 + 30 and APPI Article 23, these third parties process customer data on our behalf. We've vetted each for adequate data protection (GDPR-compliant DPAs in place; US providers under EU-US Data Privacy Framework). To object to a specific sub-processor, email privacy@kizuki.smartrich.ai within 30 days of any change notification.
| Vendor | Purpose | Data categories | Region | DPA |
|---|
| Cloudflare, Inc. | Workers runtime / D1 database / KV cache / R2 storage / Queue / CDN | tenant dataauth tokenslogsbackups | global (CF edge) | View → |
| Anthropic, PBC | LLM inference (Claude Sonnet / Haiku / Opus) for draft + classify + extract tasks | post content (anonymized)reply samplesbrand voice fingerprint | US | View → |
| Google LLC (Vertex AI) | LLM inference (Gemini 2.5 Flash Lite / Flash / Pro) — cheapest provider for classify/translate | post contenttranslation pairs | US / EU regions | View → |
| OpenAI, LLC | LLM inference fallback (GPT-4o-mini / GPT-4o / GPT-4.1) | post contentreply drafts | US | View → |
| Stripe, Inc. | Payment processing (subscription billing, invoices, refunds) | emailnamepayment method (PCI-scope) | US / EU / Ireland (EU billing) | View → |
| Telegram FZ-LLC | Bot messaging — delivers draft cards to商家 chat | chat_idcard contentinline button payloads | DE / AE | View → |
| Sentry (Functional Software, Inc.) | Error reporting + observability | stack tracesrequest URLtenant_id (hashed) | US / EU | View → |
| Resend, Inc. | Transactional email (welcome / payment_failed / cancel_confirmed) | emailtemplate variables | US | View → |
| Apify Technologies s.r.o. | Public social media scraping (X / Reddit) for wild-listener cron | scrape job parametersmatched post content | EU (Czech Republic) | View → |
L-5 · 9 sub-processors · all with active DPAs · last reviewed 2026-05-28 · changes notified ≥ 30d in advance to Enterprise via product@kizuki.smartrich.ai.