GritFlow
Back to LegalLegal

Subprocessors

Last updated: June 4, 2026

This page explains how GritFlow AI, LLC (“GritFlow,” “we,” “us,” or “our”) uses subprocessors and how customers obtain the current itemized list. It is referenced by, and should be read together with, our Terms of Service, our Privacy Policy, and our Data Processing Addendum.

1. What a Subprocessor Is

A “Subprocessor” is a third party that GritFlow engages to process Customer Data on our behalf, or to host and operate the Services for us, in the course of providing those Services.

Before a Subprocessor processes Customer Data, we put a written contract in place that binds it to data-protection terms no less protective than those we owe our customers under the DPA. Every Subprocessor that is an AI model provider is additionally bound by GritFlow's no-training restriction — it is contractually prohibited from using Customer Data to train its own models or for any independent purpose, consistent with the “AI Processing” section of our Privacy Policy.

2. The Categories of Subprocessors We Use

To deliver the Services, GritFlow engages a small, vetted set of subprocessors across these functions:

  • Hosting and compute — the cloud platform the Services run on.
  • Managed database and authentication — the managed data platform that stores application data and authenticates users.
  • Object storage — storage for files and related objects.
  • AI model processing — the AI model provider(s) that power the AI features (bound by the no-training restriction).
  • Business communications — email and related business communications.

All subprocessors process Customer Data in the United States, or under terms consistent with US-based processing.

3. The Current Itemized List Is Available on Request

For security reasons, GritFlow does not publish the itemized vendor list — specific vendor names, locations, and processing details — on this public page, because a public map of our infrastructure and architecture would help an attacker more than it helps a customer.

Customers and qualified prospects can obtain the current itemized Subprocessor list on request, under an appropriate NDA, by contacting privacy@gritflowai.io. Customers under contract also receive the list and advance notice of changes as described below and in the DPA.

4. Notice and Right to Object

GritFlow gives advance notice before adding or replacing a Subprocessor that processes Customer Data. We provide that notice to customers under contract — by email to the contact on file for the account and/or in-product — at least 30 days before the new or replacement Subprocessor begins processing Customer Data, except where urgent replacement is required for security, legal, availability, or continuity reasons.

If you have a contract with us and a reasonable, data-protection-related objection to a new or replacement Subprocessor, you may object within 15 days of our notice, as described in our Data Processing Addendum. We will work with you in good faith to address it; if we cannot, your remedy is to terminate the affected Services in accordance with the DPA.

5. Contact

Questions about our Subprocessors, or to request the current itemized list under NDA, can be directed to:

GritFlow AI, LLC — Attn: GritFlow AI, LLC · 41 Peabody St, Nashville, TN 37210, United States

Email: privacy@gritflowai.io · Web: gritflowai.io

Subprocessors | GritFlow