Subprocessor List

Draft only. Requires legal review before publication. This software provides compliance tooling, but does not provide legal advice.

Purpose

Publish the third-party providers that may process customer personal data for BAAM AI.

Source model

This slot follows mature SaaS and security-software legal-center patterns: Zapier-style customer terms, DPA, subprocessors, security, and data-transfer material; Avast-style license, acceptable-use, privacy, IP, transparency, and accessibility material.

Jurisdiction focus

Prepare this for EU users and Czech-market operation. Complete operator details, Czech consumer wording, cookie consent behavior, GDPR roles, and cross-border transfer safeguards before publication.

How to use this list

List each provider, purpose, data category, location, transfer safeguard, and link to the provider's terms or privacy material.

Hosting, security, and storage

Add Cloudflare, R2/D1, logs, CDN, security, and any backup provider actually used.

Payments

Add Stripe or the active payment processor and clarify whether it acts as an independent controller for payment data.

AI providers

Add OpenAI, Anthropic, Google Gemini, xAI, or any provider enabled in production, including whether customer content is sent and under what account terms.

Analytics and marketing

Add GA4, Google Ads, Meta, TikTok, LinkedIn, Pinterest, Hotjar, email providers, and CRM tools, listing only those actually configured.

Publishing and integrations

Add WordPress, Meta, Shopify, Google Search Console, Bing Webmaster, webhooks, and other customer-selected destinations where BAAM AI sends data.

Change notices

Explain how customers are notified of material subprocessor additions and how they can object if the DPA grants that right.

Completion checklist