Introduction
This page lists the third-party sub-processors that helpful bits GmbH uses to provide the Vibe Manager service to users in the EU/UK. We will provide advance notice of any material changes to our sub-processor arrangements, including the addition of new sub-processors or changes to existing ones that may affect the processing of your personal data.
All sub-processors are contractually bound to maintain appropriate security measures and comply with applicable data protection laws, including GDPR requirements and appropriate safeguards for international transfers.
Current Sub-processors
Stripe
Purpose: Payment processing services
Data Processing Regions: United States, European Union
Legal Documents:
Transfer Safeguards: EU operations processed in-region; for transfers to the US, Data Privacy Framework certification and Standard Contractual Clauses with supplementary measures
OpenAI
Purpose: AI model processing and natural language understanding
Data Processing Regions: United States
Data Usage: Training disabled where available and contractually restricted to service provision
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses with supplementary measures
Google AI/Gemini
Purpose: AI model processing and natural language understanding
Data Processing Regions: United States
Data Usage: Training disabled where available and contractually restricted to service provision
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses with supplementary measures
xAI
Purpose: AI model processing and natural language understanding
Data Processing Regions: United States
Data Usage: Training disabled where available and contractually restricted to service provision
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses with supplementary measures
OpenRouter
Purpose: AI routing and processing services
Data Processing Regions: United States
Data Usage: Training disabled where available and contractually restricted to service provision
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses with supplementary measures
Vercel
Purpose: Web hosting and edge infrastructure
Data Processing Regions: Global (with EU data residency options)
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses, EU data residency available
Amazon Web Services (AWS)
Purpose: Desktop application hosting and content delivery (CloudFront CDN and S3 storage)
Data Processing Regions: Global (with regional data residency options)
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses, EU data residency available, ISO 27001/27017/27018 certified
Auth0
Purpose: Authentication and identity management services
Data Processing Regions: United States, European Union
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses, EU data residency available
Mailgun
Purpose: Transactional email delivery services
Data Processing Regions: United States, European Union
Legal Documents:
Transfer Safeguards: Standard Contractual Clauses with supplementary measures
Data Protection
All sub-processors are required to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing. We conduct due diligence on all sub-processors to ensure they meet our data protection standards and comply with applicable privacy laws, including GDPR requirements.
International Transfers: Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) and supplementary measures as recommended by the European Data Protection Board.
Updates and Changes
We may update this list from time to time as we add or remove sub-processors. Material changes will be communicated in advance through appropriate channels, including updates to this page and direct notification where required by applicable law.
If you have questions about our sub-processor arrangements or data processing practices, please contact us at [email protected].
Data Processing Addendum
Business customers who process personal data through our Service should review and accept our Data Processing Addendum (DPA), which governs our data processing relationship and includes provisions for sub-processor management.