Subprocessors
This page lists the third parties (“subprocessors”) that may process personal data on behalf of Cruxi.
Last updated: Jan 19, 2026
Core infrastructure
| Vendor | Purpose | Data categories |
|---|---|---|
| Google Cloud Platform | Hosting, storage, networking, monitoring | Account data, application data, logs/metadata, IP address |
Analytics & measurement (only with consent in EU/UK)
| Vendor | Purpose | Data categories |
|---|---|---|
| Google Tag Manager | Loads analytics/measurement tags | Device/browser data, event metadata, IP address |
| Google Analytics (GA4) | Product analytics and performance measurement | Usage events, device/browser data, IP address |
Payments
| Vendor | Purpose | Data categories |
|---|---|---|
| Stripe | Payment processing, invoicing, fraud prevention | Billing details, payment metadata, contact details |
AI processing
| Vendor | Purpose | Data categories |
|---|---|---|
| Google Gemini / Vertex AI | AI-assisted features (text generation, analysis) | Inputs you submit to AI features (may include personal data if you provide it) |
Subprocessor selection and security
We assess subprocessors for security, reliability, and data protection practices. We prioritize vendors with mature compliance programs, strong audit histories, and contractual commitments aligned with our privacy obligations.
Where applicable, we use role-based access control, encryption in transit and at rest, and least‑privilege principles to limit exposure of personal data.
Changes to subprocessors
We may update this list as our infrastructure evolves. Material changes will be posted here, and we will provide reasonable notice when required by law or contract.
Need external privacy support?
If you need help with privacy operations, GDPR representation, or compliance services, you can compare vetted providers via the Cruxi directories hub.
Contact
Questions? Email privacy@cruxi.ai.