Back to Home

Subprocessors

List of third-party service providers that process data on behalf of Firebuzz.

This page lists all third-party service providers (subprocessors) that Firebuzz uses to process customer data in delivering our Services. We're committed to transparency about how your data is handled.

What is a Subprocessor?

A subprocessor is a third-party service provider that processes data on behalf of Firebuzz to help deliver our Services. We carefully vet all subprocessors for security, reliability, and compliance with data protection regulations.

Updates to This List

We update this list when we add or remove subprocessors. Material changes are communicated via email to workspace administrators. You can monitor this page for changes by checking the "Last Updated" date above.

Active Subprocessors

Clerk

Purpose: Authentication and user account management

Location: United States

Description: Provides secure authentication services, user session management, and account security features including multi-factor authentication.

Reference: Clerk Privacy Policy

Convex

Purpose: Backend database, real-time data synchronization, and serverless functions

Location: United States

Description: Primary backend infrastructure for data persistence, real-time subscriptions, and serverless function execution. Handles workspace data, campaign information, and platform operations.

Reference: Convex Security

Cloudflare

Purpose: Edge computing, content delivery (CDN), key-value storage, durable objects, and R2 object storage

Location: Global (United States-based)

Description: Provides infrastructure for serving landing pages, CDN services, distributed storage, and edge computing capabilities. Handles landing page delivery and static asset hosting.

Reference: Cloudflare Trust Hub

Vercel

Purpose: Application hosting, deployment infrastructure, and Vercel Sandbox SDK for code execution

Location: United States

Description: Hosts the main Firebuzz application and provides secure code execution sandbox for AI-generated landing page code.

Reference: Vercel Security

Stripe

Purpose: Payment processing and subscription management

Location: United States

Description: Processes all payment transactions, manages subscription billing, and handles payment method storage. We do not store your payment card details on our servers.

Reference: Stripe Privacy Policy

Resend

Purpose: Transactional email delivery

Location: United States

Description: Sends account notifications, password resets, billing receipts, and other transactional emails to users.

Reference: Resend Privacy

Tinybird

Purpose: Analytics data processing and real-time analytics pipelines

Location: United States (GCP Europe West2)

Description: Processes usage analytics, landing page visitor data, and conversion metrics. Provides real-time analytics dashboards for campaign performance.

Reference: Tinybird Security

OpenAI

Purpose: AI-powered content generation and language model processing

Location: United States

Description: Provides large language model (LLM) services for generating marketing copy, landing page content, and assisting with campaign creation through our AI chat interface.

Reference: OpenAI Privacy Policy

Anthropic

Purpose: AI-powered content generation and language model processing

Location: United States

Description: Provides Claude AI models for generating marketing content, landing page designs, and conversational AI features within the platform.

Reference: Anthropic Privacy Policy

Google AI (Generative AI)

Purpose: AI-powered content generation and machine learning services

Location: United States

Description: Provides Gemini and other Google AI models for content generation, natural language processing, and creative assistance.

Reference: Google Cloud Privacy

Microsoft Azure OpenAI

Purpose: Enterprise AI services and language model processing

Location: United States

Description: Provides access to OpenAI models through Azure's enterprise infrastructure with enhanced security and compliance features.

Reference: Azure Privacy

xAI

Purpose: AI-powered content generation and language model processing

Location: United States

Description: Provides Grok and other xAI models for content generation and AI-assisted marketing tasks.

Reference: xAI Terms

OpenRouter

Purpose: AI model routing and aggregation

Location: United States

Description: Provides unified access to multiple AI providers and models, enabling flexible AI model selection for different generation tasks.

Reference: OpenRouter Privacy

Fal.ai

Purpose: AI-powered image generation

Location: United States

Description: Generates custom images, graphics, and visual assets for landing pages and marketing campaigns using AI models.

Reference: Fal.ai Terms

Exa

Purpose: Semantic search and web content discovery

Location: United States

Description: Provides intelligent search capabilities for discovering relevant web content and inspiration for marketing campaigns.

Reference: Exa Privacy Policy

Firecrawl

Purpose: Web scraping and content extraction

Location: United States

Description: Extracts and processes web content for analysis and inspiration during campaign creation.

Reference: Firecrawl Privacy

Data Processing Agreement

Our use of subprocessors is governed by our Data Processing Agreement (DPA), which includes:

  • Standard Contractual Clauses (SCCs) for international data transfers
  • Security and confidentiality obligations
  • Audit rights and compliance requirements
  • Data breach notification procedures
  • Data subject rights fulfillment

Your Rights

You have the right to:

  • Object to the use of specific subprocessors
  • Request information about data processing activities
  • Request copies of data processing agreements
  • Exercise your data subject rights under GDPR, CCPA, and other regulations

To exercise these rights or for questions about subprocessors, contact us at privacy@getfirebuzz.com.

Security Standards

All subprocessors are required to maintain:

  • SOC 2 Type II compliance or equivalent
  • ISO 27001 certification or equivalent security standards
  • GDPR compliance for processing EU data
  • Encryption in transit and at rest
  • Regular security audits and vulnerability assessments
  • Incident response and breach notification procedures

Subprocessor Changes

When we add new subprocessors:

  1. We evaluate their security, privacy practices, and compliance
  2. We establish data processing agreements with appropriate safeguards
  3. We update this page with the new subprocessor information
  4. For material additions, we notify workspace administrators via email at least 30 days in advance
  5. You may object to new subprocessors by contacting privacy@getfirebuzz.com within 30 days

Geographic Processing

Most data processing occurs in the United States. Some subprocessors operate globally with data centers in multiple regions:

  • Cloudflare: Global CDN with points of presence worldwide
  • Vercel: Global deployment network
  • Tinybird: Primary processing in GCP Europe West2

We ensure appropriate safeguards for international data transfers through Standard Contractual Clauses and adequacy decisions.

Questions?

For questions about our subprocessors or data processing practices:

Email: privacy@getfirebuzz.com Data Protection Officer: dpo@getfirebuzz.com Website: getfirebuzz.com