CHRP Subprocessors

Last Updated: April 1, 2025

To support delivery of CHRP’s services, we engage third-party service providers (“subprocessors”) with access to limited personal data. All subprocessors are contractually bound to comply with applicable privacy laws and maintain strict data protection standards.

Subprocessor Purpose Location Data Processed

Amazon Web Services (AWS)

Cloud hosting

USA

Account data, streaming metadata, emotional scores

Auth0 (Okta)

Authentication

USA

Email, password (encrypted), session tokens

Stripe

Payments

USA

Billing info, name, email (customers only)

Google Cloud

Analytics infrastructure

USA

Aggregated, de-identified usage data

SendGrid (Twilio)

Transactional email

USA

Name, email

Sentry

App error tracking

USA

Anonymized technical diagnostics

Microsoft Azure

Backup and disaster recovery

USA

Encrypted backups

OpenAI (if used)

LLM-generated coaching (de-identified prompts only)

USA

No PII, de-identified text inputs

Data Safeguards

• All subprocessors meet GDPR/CCPA standards

• Data access is limited to the minimum necessary

• No subprocessor is authorized to use CHRP data for their own purposes

• Music streaming data is never shared with subprocessors outside of approved scopes.

Changes & Notifications

We notify clients at least 15 days before adding new subprocessors. To object or request more info, email privacy@chrp.ai.