Gia Marine Intelligence LLC · Updated: [DATE]
This page lists the third-party service providers ("subprocessors") that Gia Marine Intelligence LLC uses to operate the Service. Each subprocessor processes personal data only on our instructions and is bound by appropriate contractual safeguards (data processing terms, confidentiality, and security obligations). We review this list at least annually and update it when subprocessors are added, removed, or replaced.
We will provide at least 30 days' advance notice of any new subprocessor that will process customer personal data, except where a change is required for urgent security or legal reasons. Customers with a signed Data Processing Agreement may subscribe to subprocessor change notifications by emailing legal@giamarine.com.
| Subprocessor | Role | Data processed | Location | Safeguards |
|---|---|---|---|---|
| Render Services, Inc. render.com/security |
Hosting | Application hosting, PostgreSQL database. Stores all account data, query logs, feedback, organization records, and access control lists. | United States | SOC 2 Type 2; Render DPA; encryption in transit and at rest. |
| Cloudflare, Inc. cloudflare.com/trust-hub |
CDN / Storage | R2 object storage. Two buckets: (1) a public bucket holding rendered page images (PNGs of manual pages) served to authorized users; (2) a private bucket holding raw PDFs uploaded by manufacturer customers through the self-upload portal pending review and ingestion. The private bucket is not publicly accessible and is reached only via short-lived signed URLs. Neither bucket stores personal data. | United States; global edge | SOC 2 Type 2; ISO 27001; Cloudflare DPA; SCCs for EU transfers. |
| Pinecone Systems, Inc. pinecone.io/security |
Vector DB | Stores vector embeddings of manual pages and knowledge base content. Receives query vectors at search time. Does not receive user account identifiers or raw query text in metadata. | United States (AWS us-east-1) | SOC 2 Type 2; Pinecone DPA; encryption in transit and at rest. |
| Subprocessor | Role | Data processed | Location | Safeguards |
|---|---|---|---|---|
| OpenRouter, Inc. openrouter.ai/privacy |
LLM proxy | Routes user queries and retrieved manual context to upstream LLM providers (currently Anthropic). Used during the beta; Gia Marine plans to migrate to direct Anthropic contracts for enterprise traffic. | United States | OpenRouter ToS; no-training commitment confirmed in writing; will be replaced by direct Anthropic contract for enterprise customers. |
| Anthropic, PBC anthropic.com/legal |
LLM provider | Generates responses based on user queries and retrieved manual context. Processes the full prompt (including any user question and conversation history) and returns generated text. | United States | SOC 2 Type 2; Anthropic Commercial Terms; no-training-on-customer-data commitment; zero data retention available on enterprise plans; SCCs for EU transfers. |
| Google LLC (Gemini API) cloud.google.com/terms/data-processing-addendum |
Embeddings | Generates vector embeddings of user queries and manual page text. Receives query text and page text; returns numerical vectors. Does not receive user account identifiers. | United States; global Google Cloud regions | SOC 2 Type 2; ISO 27001/27017/27018; Google Cloud DPA; SCCs for EU transfers; no-training commitment under Gemini API paid-tier terms. |
| Subprocessor | Role | Data processed | Location | Safeguards |
|---|---|---|---|---|
| Google LLC (Workspace) workspace.google.com/terms/dpa_terms.html |
Internal | Email (legal@, security@, support@), shared documents, calendar. May incidentally contain personal data of users who email us. | United States; global Google Cloud regions | SOC 2 Type 2; ISO 27001; Google Workspace DPA; SCCs. |
| GitHub, Inc. (Microsoft) github.com privacy policies |
Internal | Source code repository. Does not contain customer personal data in production. | United States | SOC 1 Type 2; SOC 2 Type 2; ISO 27001/27018; Microsoft DPA. |
| 1Password (AgileBits Inc.) 1password.com DPA |
Internal | Secrets management for Gia Marine team. Does not process customer personal data. | United States; Canada | SOC 2 Type 2; ISO 27001; 1Password DPA. |
The following providers will be added when the corresponding capability launches. They are listed here for transparency; this page will be updated with confirmed effective dates and current commitments at the time of activation.
| Subprocessor | Role | Data processed | Status |
|---|---|---|---|
| Stripe, Inc. | Planned | Payment processing for paid subscriptions. Will receive payer name, billing address, payment card details (handled directly by Stripe; not transmitted through Gia Marine servers). | Activates with paid billing launch. |
| Functional Software, Inc. (Sentry) | Planned | Error monitoring. May receive partial request data and stack traces. Configured to scrub email addresses and other identifiers from event payloads. | Activates with production hardening rollout. |
| Vanta, Inc. | Planned | SOC 2 compliance automation. Reads configuration metadata from our cloud accounts. Does not have access to customer data. | Activates with SOC 2 readiness program. |
| EU Representative (e.g., Prighter, EDPO, or VeraSafe) | Planned | Acts as our EU representative under GDPR Article 27 for EEA-based data subjects. Receives forwarded data subject requests. | Activates before EU customer launch. |
| UK Representative | Planned | Acts as our UK representative under UK GDPR. Receives forwarded data subject requests from UK residents. | Activates before UK customer launch. |
If you have a signed Data Processing Agreement with Gia Marine and you object to a new subprocessor on reasonable, documented grounds (typically a material privacy or security concern), email legal@giamarine.com within the 30-day notice window. We will work with you in good faith to address the concern, including by:
Last updated: [DATE] · Privacy Policy · Terms of Service · Acceptable Use