Back to Home

Subprocessors

List of third-party service providers that process data on behalf of Firebuzz.

This page lists all third-party service providers (subprocessors) that Firebuzz uses to process customer data in delivering our Services. We're committed to transparency about how your data is handled.

What is a Subprocessor?

A subprocessor is a third-party service provider that processes data on behalf of Firebuzz to help deliver our Services. We carefully vet all subprocessors for security, reliability, and compliance with data protection regulations.

Updates to This List

We update this list when we add or remove subprocessors. Material changes are communicated via email to workspace administrators. You can monitor this page for changes by checking the "Last Updated" date above.

Active Subprocessors

Clerk

Purpose: Authentication and user account management

Location: United States

Description: Provides secure authentication services, user session management, and account security features including multi-factor authentication.

Reference: Clerk Privacy Policy

Convex

Purpose: Backend database, real-time data synchronization, and serverless functions

Location: United States

Description: Primary backend infrastructure for data persistence, real-time subscriptions, and serverless function execution. Handles workspace data, campaign information, and platform operations.

Reference: Convex Security

Cloudflare

Purpose: Application hosting, edge computing, content delivery (CDN), key-value storage, durable objects, and R2 object storage

Location: Global (United States-based)

Description: Hosts the Firebuzz application and provides infrastructure for serving landing pages, CDN services, distributed storage, and edge computing capabilities. Handles landing page delivery, static asset hosting, and application deployment.

Reference: Cloudflare Trust Hub

Daytona

Purpose: Secure sandbox environments for AI code execution

Location: United States

Description: Provides isolated sandbox environments for securely building and executing AI-generated landing page code. Handles code compilation, development server execution, and project builds in sandboxed containers.

Reference: Daytona Privacy Policy

Stripe

Purpose: Payment processing and subscription management

Location: United States

Description: Processes all payment transactions, manages subscription billing, and handles payment method storage. We do not store your payment card details on our servers.

Reference: Stripe Privacy Policy

Resend

Purpose: Transactional email delivery

Location: United States

Description: Sends account notifications, password resets, billing receipts, and other transactional emails to users.

Reference: Resend Privacy

Tinybird

Purpose: Analytics data processing and real-time analytics pipelines

Location: United States (GCP Europe West2)

Description: Processes usage analytics, landing page visitor data, and conversion metrics. Provides real-time analytics dashboards for campaign performance.

Reference: Tinybird Security

Vercel

Purpose: AI Gateway for routing requests to AI providers

Location: United States

Description: Provides an AI gateway that routes and manages requests to third-party AI providers (OpenAI, Anthropic, Google AI) for content generation and language model processing.

Reference: Vercel Security

OpenAI

Purpose: AI-powered content generation and language model processing

Location: United States

Description: Provides large language model (LLM) services for generating marketing copy, landing page content, and assisting with campaign creation through our AI chat interface.

Reference: OpenAI Privacy Policy

Anthropic

Purpose: AI-powered content generation and language model processing

Location: United States

Description: Provides Claude AI models for generating marketing content, landing page designs, and conversational AI features within the platform.

Reference: Anthropic Privacy Policy

Google AI (Generative AI)

Purpose: AI-powered content generation and machine learning services

Location: United States

Description: Provides Gemini and other Google AI models for content generation, natural language processing, and creative assistance.

Reference: Google Cloud Privacy

Fal.ai

Purpose: AI-powered image generation

Location: United States

Description: Generates custom images, graphics, and visual assets for landing pages and marketing campaigns using AI models.

Reference: Fal.ai Terms

Exa

Purpose: Semantic search and web content discovery

Location: United States

Description: Provides intelligent search capabilities for discovering relevant web content and inspiration for marketing campaigns.

Reference: Exa Privacy Policy

Firecrawl

Purpose: Web scraping and content extraction

Location: United States

Description: Extracts and processes web content for analysis and inspiration during campaign creation.

Reference: Firecrawl Privacy Policy

Data Processing Agreement

Our use of subprocessors is governed by our Data Processing Agreement (DPA), which includes:

  • Standard Contractual Clauses (SCCs) for international data transfers
  • Security and confidentiality obligations
  • Audit rights and compliance requirements
  • Data breach notification procedures
  • Data subject rights fulfillment

Your Rights

You have the right to:

  • Object to the use of specific subprocessors
  • Request information about data processing activities
  • Request copies of data processing agreements
  • Exercise your data subject rights under GDPR, CCPA, and other regulations

To exercise these rights or for questions about subprocessors, contact us at privacy@getfirebuzz.com.

Security Standards

All subprocessors are required to maintain:

  • SOC 2 Type II compliance or equivalent
  • ISO 27001 certification or equivalent security standards
  • GDPR compliance for processing EU data
  • Encryption in transit and at rest
  • Regular security audits and vulnerability assessments
  • Incident response and breach notification procedures

Subprocessor Changes

When we add new subprocessors:

  1. We evaluate their security, privacy practices, and compliance
  2. We establish data processing agreements with appropriate safeguards
  3. We update this page with the new subprocessor information
  4. For material additions, we notify workspace administrators via email at least 30 days in advance
  5. You may object to new subprocessors by contacting privacy@getfirebuzz.com within 30 days

Geographic Processing

Most data processing occurs in the United States. Some subprocessors operate globally with data centers in multiple regions:

  • Cloudflare: Global CDN with points of presence worldwide
  • Daytona: United States
  • Tinybird: Primary processing in GCP Europe West2

We ensure appropriate safeguards for international data transfers through Standard Contractual Clauses and adequacy decisions.

Questions?

For questions about our subprocessors or data processing practices:

Email: privacy@getfirebuzz.com Data Protection Officer: dpo@getfirebuzz.com Website: getfirebuzz.com