Sub-Processors List
Last Updated: January 7, 2025
This page lists all sub-processors engaged by Clients.ai (operated by KC Meta Ventures, Inc.) to process personal data on behalf of our customers. This information is provided in accordance with GDPR Article 28(3)(d) and our Terms of Service Section 17.6(4) to ensure transparency and enable customers to exercise their data protection rights.
As outlined in our Terms of Service, you provide general written authorization for Clients.ai to engage sub-processors subject to equivalent data protection obligations. We will provide notice of material changes to sub-processors via email or platform notifications, and you have the right to object to new sub-processors on reasonable data protection grounds within 30 days.
What is a Sub-Processor?
A sub-processor is a third-party service provider engaged by Clients.ai to process personal data on our behalf and under our instructions. Under GDPR, when we engage sub-processors, we remain fully responsible (as the processor) for ensuring they implement appropriate technical and organizational measures to protect personal data and comply with data protection obligations.
All sub-processors listed below are bound by data processing agreements that impose GDPR-equivalent obligations, including:
- Processing personal data only on documented instructions from Clients.ai
- Implementing appropriate technical and organizational security measures (see Security Policy)
- Ensuring confidentiality of personnel with access to personal data
- Assisting with data subject rights requests and security incidents
- Deleting or returning personal data upon termination (subject to legal retention requirements)
- For third-country sub-processors: Standard Contractual Clauses (SCCs) and supplementary measures (see International Data Transfers)
Infrastructure and Cloud Service Providers
These sub-processors provide core infrastructure, hosting, compute, storage, and cloud services essential to operating the Clients.ai platform.
| Sub-Processor | Purpose | Location | Data Categories |
|---|---|---|---|
| Amazon Web Services (AWS) aws.amazon.com | Cloud infrastructure, compute, storage, databases, CDN, backup services | Primary: Canada (ca-central-1) Secondary: USA (us-east-1, us-east-2) Backup: Australia (ap-southeast-2) SCCs + TIA for USA transfers | • Encrypted application data • Database backups • User Data and Lead Data (encrypted at rest) • Infrastructure logs |
| Vercel Inc. vercel.com | Frontend hosting, edge network, serverless functions, deployment platform | Global edge network USA (primary), Global CDN SCCs for third-country transfers | • Static website assets • Anonymized analytics • API request logs No PII stored on edge |
AI and Machine Learning Providers
These sub-processors provide artificial intelligence models, natural language processing, and machine learning capabilities that power Clients.ai's autonomous AI agents and content generation features.
| Sub-Processor | Purpose | Location | Data Categories |
|---|---|---|---|
| OpenAI, Inc. openai.com | AI model inference, content generation, natural language processing, autonomous agent intelligence | USA (Azure backend - multiple regions) SCCs + TIA + Supplementary Measures | • Pseudonymized data only • Anonymized user prompts and queries • De-identified conversation context • No direct identifiers (names, emails, phone numbers) Note: User PII pseudonymized before OpenAI transmission per TIA Measure 2 |
| Anthropic PBC anthropic.com | AI model inference (Claude), advanced reasoning, content analysis, safety classification | USA (AWS and GCP backend) SCCs + TIA | • Pseudonymized data only • Anonymized conversation content • De-identified user inputs Same pseudonymization as OpenAI |
AI Model Provider Data Handling: OpenAI and Anthropic receive only pseudonymized data with direct identifiers removed. Full contact details (email addresses, phone numbers, LinkedIn profiles) are NOT transmitted to AI model providers. Pseudonymization mapping tables are stored exclusively in Canada, ensuring re-identification requires Canadian database access. See International Data Transfers for TIA details.
Payment and Financial Services
These sub-processors handle payment processing, billing, invoicing, and financial transactions.
| Sub-Processor | Purpose | Location | Data Categories |
|---|---|---|---|
| Stripe, Inc. stripe.com | Payment processing, subscription billing, credit card tokenization, PCI-DSS compliant payment handling | Dual Processing: • USA (Stripe, Inc.) • Ireland (Stripe Payments Europe, Ltd.) EEA customers processed by Irish entity where possible; SCCs for USA processing | • Payment card information (tokenized - Stripe holds card details, not Clients.ai) • Billing name and address • Transaction history • Invoice records • Email for payment receipts |
Communication and Email Services
These sub-processors facilitate email delivery, transactional communications, and customer support communications.
| Sub-Processor | Purpose | Location | Data Categories |
|---|---|---|---|
| SendGrid (Twilio Inc.) sendgrid.com | Transactional email delivery (account notifications, password resets, subscription confirmations, platform alerts) | USA SCCs + TIA | • Email addresses • First name (for personalization) • Email content and metadata • Delivery and engagement metrics (opens, clicks) |
Analytics and Monitoring
These sub-processors provide analytics, application performance monitoring, error tracking, and usage insights.
| Sub-Processor | Purpose | Location | Data Categories |
|---|---|---|---|
| Google Analytics Google LLC | Website analytics, user behavior tracking, conversion tracking (anonymized IP addresses) | USA SCCs + Google EU Data Processing Terms | • Anonymized IP addresses (last octet masked) • Browser and device information • Page views and navigation paths • Cookie identifiers No PII collected |
| Sentry Functional Software, Inc. | Application error tracking, performance monitoring, crash reporting | USA SCCs | • Error logs and stack traces • User IDs (pseudonymized UUIDs) • Browser and OS information • Performance metrics PII scrubbed from error logs |
Affiliated Integration Partners (Joint Controllers)
These entities are Affiliated Integration Partners that act as both sub-processors and joint controllers. They provide integrated platform functionality and may process personal data for their own purposes (service delivery, marketing, analytics) with your explicit consent under GDPR Article 6(1)(a) and legitimate interests under Article 6(1)(f).
See Terms of Service Section 10.6 and Section 17.6(4) for detailed information about Affiliated Partner data sharing, consent mechanisms, and your right to withdraw consent for marketing communications.
| Affiliated Partner | Purpose | Location | Data Categories |
|---|---|---|---|
| Punctual.ai punctual.ai | Booking and scheduling services, calendar integrations, appointment management | Canada (EU adequacy decision applies) | • User name and email • Calendar availability • Appointment details • Lead contact information (if scheduling leads) |
| Enclose.ai enclose.ai | Payment integration, invoicing, billing services, transaction management, payment-related marketing communications | Canada (EU adequacy decision applies) | • User account details • Billing information • Payment history • Transaction records |
| Enclosed.ai enclosed.ai | Direct mail services, physical marketing materials, print fulfillment | Canada (EU adequacy decision applies) | • Mailing addresses • Recipient names • Marketing preferences |
| Epub.ai epub.ai | Educational content delivery, lead magnet creation and distribution, digital content hosting | Canada (EU adequacy decision applies) | • User email and name • Content access history • Lead magnet downloads • Engagement metrics |
| Prognostic.ai prognostic.ai | AI agent engine infrastructure, autonomous agent orchestration, AI model management | Canada / USA (SCCs for USA transfers) | • User configuration and settings • Agent workflow data • AI model usage statistics • Pseudonymized training data |
| Sharecd.com sharecd.com | Link sharing and tracking, content delivery, URL shortening, click analytics | Canada (EU adequacy decision applies) | • Link click data • IP addresses (anonymized) • Referrer information • Browser and device data |
Joint Controller Status: Affiliated Integration Partners act as joint controllers for certain processing activities (marketing communications, analytics, product development). Each party is independently responsible for compliance with data protection laws for their respective processing purposes.
Withdrawing Marketing Consent: You may opt out of marketing communications from Affiliated Partners at any time using unsubscribe links in emails or by contacting them directly. Withdrawal does not affect service delivery or processing based on other lawful bases (contract performance, legitimate interests).
Changes to Sub-Processors
Clients.ai may add, replace, or remove sub-processors from time to time as necessary to provide and improve the Services. We will provide advance notice of material changes to sub-processors through one or more of the following methods:
- Email notification: Sent to your account email address at least 30 days before the new sub-processor begins processing personal data
- Platform notification: In-app notification when you log into Clients.ai dashboard
- This page: Updated sub-processor list published on this page with effective date
Your Right to Object
If you object to a new sub-processor on reasonable data protection grounds (e.g., sub-processor located in country with inadequate data protection, lacks appropriate security measures, etc.), you may:
- Notify us in writing at legal@clients.ai within 30 days of receiving notice of the change
- Provide specific, reasonable data protection grounds for your objection (general preference not sufficient)
- We will work with you to address concerns or provide alternative solutions where feasible
- If we cannot resolve your objection, you may terminate your subscription without penalty by providing written notice within the 30-day objection period
Deemed Consent: If you do not object within 30 days of notice, you are deemed to have consented to the new sub-processor.
Questions About Sub-Processors
For questions about our sub-processors, data processing practices, or to request additional documentation (data processing agreements, security certifications, compliance attestations), please contact:
KC Meta Ventures, Inc.
141 Sandwich Street North
Amherstburg, Ontario, N9V 2V1
Canada
Compliance Inquiries: compliance@Clients.ai
Legal / DPO Requests: legal@clients.ai
Related Documents:
• Terms of Service - Section 17.6 (Data Processing Addendum)
• Privacy Policy - Section 5 (How We Share Information)
• International Data Transfers - SCCs and TIA for third-country sub-processors
• Security Policy - Technical and Organizational Measures
• Transparency Report - Government Access Requests