Effective Date: 6 May 2026 Last Updated: 6 May 2026
A "sub-processor" is a third party that processes personal data on our behalf to help us deliver the Service. We have a written agreement with each sub-processor below imposing obligations consistent with our customer commitments under our Data Processing Agreement.
If you are a customer and want to receive notice of changes to this list, email hatch.officiall@gmail.com to be added to our notification list.
Active sub-processors
| Sub-processor | Purpose | Type of data processed | Location of processing |
|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | Cloud infrastructure, file storage (S3), database hosting | All Service data: account information, uploaded documents, generated content, audio files, embeddings, logs | United States (default region: us-east-1); European Union region available on request |
| OpenAI, L.L.C. | LLM services for text extraction, summarization, content generation, quiz generation, and chatbot responses | Document text, prompts containing document context, chatbot questions and answers | United States. Data is not used to train OpenAI's models when accessed via the API. |
| ElevenLabs, Inc. | Text-to-speech (podcast audio generation) | Podcast scripts (text only) | United States |
| Railway Corporation (or your hosting provider) | Application hosting and deployment | Whatever the application processes during request handling; logs | United States / European Union (depending on region) |
| Google Workspace (e.g., SendGrid, Postmark, Resend, AWS SES) | Transactional email delivery (password resets, notifications) | Email addresses, names, transactional message content | United States / European Union (depending on provider) |
Cross-border transfers
For sub-processors located outside Georgia and the European Economic Area, we rely on the following safeguards:
- Standard Contractual Clauses approved by the European Commission (Modules 2 and/or 3, as applicable)
- Supplementary measures including encryption in transit and at rest, access controls, and (where offered) zero-data-retention configurations with AI providers
- Adequacy decisions where a recipient is in a country recognized as offering an adequate level of data protection
- EU–US Data Privacy Framework where the recipient is certified
Changes to this list
We may add, remove, or replace sub-processors. When we do:
- Customers on our notification list receive advance notice for material changes
- Customers may object on reasonable, documented data-protection grounds; if we cannot accommodate the objection, the customer may terminate the affected portion of the Service per their contract
Emergency replacements (e.g., a vendor outage) may be made without advance notice; we will notify customers as soon as practicable.
Questions: hatch.officiall@gmail.com