1. Introduction

This document outlines the third-party service providers, known as subprocessors, that ChattyAI engages in processing customer data on behalf of its services. Transparency with these processes is vital for maintaining trust and compliance with international data protection laws.

2. Criteria for Selection

Subprocessors are carefully chosen based on their ability to meet stringent compliance, security, and privacy standards and are subjected to a rigorous due diligence process before engagement.

3. List of Current Subprocessors

Below are the details regarding each of our current subprocessors:

1. Microsoft Azure
   • Services Provided: Cloud hosting and data storage services.
   • Location: Global (headquartered in the United States)
   • Data Types Processed: Includes user database, application logs, and transactional data.
2. Brevo Mail
   • Services Provided: Enterprise email communication solution.
   • Location: United States
   • Data Types Processed: Email addresses, communication content, interaction logs.
3. Stripe
   • Services Provided: Payment processing services.
   • Location: United States
   • Data Types Processed: Credit card details, transactional data, billing addresses.
4. Meta WhatsApp
   • Services Provided: Business communication via WhatsApp services.
   • Location: United States
   • Data Types Processed: Contact information, message content, communication logs.
5. Sentry (Error Handler)
   • Services Provided: Real-time error tracking and monitoring.
   • Location: United States
   • Data Types Processed: Error logs, application performance data, user interactions pertaining to debug info.
6. Microsoft OpenAI
   • Services Provided: AI and machine learning model hosting and computations.
   • Location: United States
   • Data Types Processed: AI training data, user queries, generated responses.

4. Review and Approval Process

Each subprocessor engagement is approved following a defined procedure managed by our security and compliance teams and is subject to regular evaluation and audits.

5. Data Security and Privacy Agreements

All subprocessors are bound by Data Processing Agreements (DPAs) ensuring adherence to data protection laws (such as GDPR, CCPA) and our internal data handling standards.

6. Change Management

Customers will be notified through their primary contact email regarding any new subprocessor inclusion or significant changes to existing subprocessors. Clients can express concerns or object to new subprocessors as per the terms laid out in their service agreements.