CinaptixAI uses a small number of third-party service providers (“sub-processors”) to operate the Service. Each is contractually bound to appropriate confidentiality and data-protection obligations (for example, under GDPR Art. 28 data-processing terms, the EU Standard Contractual Clauses, or Stripe’s and OpenAI’s published data-protection addenda).
We will give reasonable notice (via this page, email, or an in-app notice) before adding or materially changing a sub-processor that handles personal information.
Current sub-processors
| Provider | Purpose | Data categories | Region |
|---|---|---|---|
| Stripe, Inc. | Subscription billing, payment processing, customer portal, tax calculation | Name, email, billing address, payment-card details (held by Stripe, not us), subscription metadata | US / global |
| OpenAI, L.L.C. | AI enrichment (chat completions), vision / image description, Whisper transcription, embeddings | Prompt content you submit, derived outputs. Called with store: false where supported. OpenAI’s API policy: no model training on API data. |
US |
| Microsoft Azure | Application hosting, SQL database, blob storage for attachments, logging | All account data, Your Content, attachments, logs | Canada / US (as configured) |
| SendGrid / SMTP provider | Transactional email (account, security, onboarding, billing) | Email address, display name, email subject and body | US |
| Cloudflare, Inc. (if used) | CDN, DDoS mitigation, TLS termination | IP address, request headers, connection metadata | Global edge |
Transfers
Where a sub-processor is outside your region, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, Canadian-law contractual equivalents, or the sub-processor’s own published transfer mechanisms as appropriate.
Questions
Email privacy@cinaptixai.com to request our Data Processing Addendum (DPA) or to raise a concern about a sub-processor.