Subprocessors

Last updated: March 3, 2026

Introduction

This page lists all third-party service providers (subprocessors) that Agentic Tech LLC ("we," "us," or "our") uses to deliver our Services through the Agent Builder platform. All subprocessors are bound by contract to comply with GDPR, CCPA, and applicable data protection regulations. We carefully vet each provider to ensure they maintain appropriate security and privacy standards.

We will update this page when we add or remove subprocessors. For significant changes, we will notify users via email at least 30 days in advance.

Current Subprocessors

Stripe

Payment Processing United States

Purpose: Processes all payment transactions, manages subscriptions, and handles secure payment card data. Stripe is PCI-DSS Level 1 certified.

Data Processed: Billing information, payment card details, transaction history, customer email addresses.

Privacy Policy: stripe.com/privacy

Google Cloud Platform (GCP)

Infrastructure & Hosting United States (us-central1)

Purpose: Hosts our production website, databases, and application infrastructure. Provides compute, storage, and networking services.

Data Processed: All data stored on our platform including user accounts, marketplace content, license records, and support tickets.

Privacy Policy: cloud.google.com/privacy

GitHub

Development & Version Control United States

Purpose: Hosts our code repositories, manages plugin releases, and facilitates community contributions via discussions and issues.

Data Processed: Public code repositories, contribution history, issue/discussion content, GitHub usernames.

Privacy Policy: github.com/privacy

Brevo (formerly Sendinblue)

Email Communications European Union (France)

Purpose: Sends transactional emails including license confirmations, password resets, support ticket notifications, and marketplace updates.

Data Processed: Email addresses, names, email content, delivery metrics (opens/clicks for transactional emails only).

Privacy Policy: brevo.com/privacy

xAI (Grok)

AI Services United States

Purpose: Powers AI agent capabilities when users configure xAI as their AI provider. Processes prompts and generates AI responses for agents built with Agent Builder.

Data Processed: User prompts, AI model inputs/outputs, API usage metadata. Note: We do not log or store AI conversation content; data is sent directly to xAI per user configuration.

Privacy Policy: x.ai/privacy

OpenAI

AI Services (Optional) United States

Purpose: Alternative AI provider that users can configure for their agents. Provides GPT models for AI agent functionality.

Data Processed: User prompts, AI model inputs/outputs when OpenAI is configured as the provider. We do not store conversation content.

Privacy Policy: openai.com/privacy

Anthropic

AI Services (Optional) United States

Purpose: Alternative AI provider offering Claude models that users can configure for their agents.

Data Processed: User prompts, AI model inputs/outputs when Anthropic is configured as the provider. We do not store conversation content.

Privacy Policy: anthropic.com/privacy

Google Vertex AI

AI Services (Premium) United States

Purpose: Powers the Premium Vector Store & RAG Training feature. Used for embeddings generation and managed vector storage/search, enabling agents to be trained on your own content, documents, and business data using Retrieval-Augmented Generation (RAG).

Data Processed: Documents and WordPress content (posts, pages, custom post types) that you upload or choose to index for RAG training. Processed by our services and stored in a Google Vertex AI managed vector database. This feature is opt-in and only active on Pro plans.

Data Usage Note: Your uploaded content is processed in accordance with Google’s data processing terms. Google does not use your data to train its models without explicit consent.

Terms of Service: cloud.google.com/terms

Privacy Policy: policies.google.com/privacy

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with all subprocessors that handle personal data on our behalf. These agreements ensure:

  • Compliance with GDPR Article 28 and equivalent CCPA requirements
  • Appropriate technical and organizational security measures
  • Limitations on data use and processing
  • Obligations for data breach notification
  • Rights of audit and inspection
  • Data deletion upon contract termination

DPAs are available upon request by contacting [email protected].

Data Locations

The majority of our subprocessors are located in the United States. Data transferred to the US is protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Supplementary measures as required by Schrems II
  • Service providers' participation in recognized privacy frameworks

Brevo operates within the European Union, ensuring GDPR compliance without cross-border transfers for email services.

AI Provider Notes

Important: AI services (xAI, OpenAI, Anthropic) are optional and user-configured. When you provide your own API keys for these services:

  • You establish a direct relationship with that AI provider
  • Their privacy policy governs how they handle your data
  • We do not log, store, or have access to AI conversation content
  • We only receive metadata (API success/failure, usage counts) for service functionality

Users control which AI provider they use, if any, and can switch providers or disable AI features at any time.

Change Notification

We will update this page when we:

  • Add a new subprocessor
  • Remove an existing subprocessor
  • Change a subprocessor's purpose or data processing activities

For material changes, we will notify users via email at least 30 days in advance, allowing you to object or terminate your account if you do not agree with the change.

Contact Us

If you have questions about our subprocessors or data processing practices:

We will respond to all inquiries within 30 days.