1 · Overview
A sub-processor is any third party that processes SwarmEngines customer data on our behalf. We distinguish two groups:
- Core sub-processors — used for every customer, every plan. These are intrinsic to the Services.
- Optional sub-processors — only engaged if you activate a skill or integration that uses them. Disconnecting the integration stops data flow.
2 · Core sub-processors
These sub-processors are used for every customer. They cannot be disabled.
| Entity | Purpose | Location | Data processed |
|---|---|---|---|
Amazon Web Services Privacy | Hosting, compute, storage, managed Postgres, KMS, CloudWatch logs | US (us-west-2, Oregon) | All customer data including account info, agent I/O, credentials (encrypted) |
Anthropic (via AWS Bedrock) Privacy | Foundation models (Claude Haiku/Sonnet/Opus) for agent reasoning | US | Agent inputs/outputs during skill execution (not retained by Anthropic under Bedrock terms) |
Amazon (Nova Sonic) Privacy | Voice foundation model for AI Receptionist and outbound voice skills | US | Call audio + transcripts during voice-skill execution |
Google (Identity) Privacy | OAuth sign-in for the customer dashboard | US | Google profile info (name, email, profile photo, Google account ID) on sign-in |
Stripe Privacy | Subscription billing, payment processing, customer portal | US | Billing contact info, subscription state. Card data collected directly by Stripe — never reaches SwarmEngines servers. |
Resend Privacy | Transactional email delivery (welcome, receipts, alerts) | US | Customer email address + transactional message body |
Sentry Privacy | Error tracking and performance monitoring | US (data residency options available) | Stack traces, request metadata, user identifier. PII scrubbed before ingestion. |
Cloudflare Privacy | CDN, DNS, DDoS protection (if enabled in front of Lightsail) | Global edge | HTTP metadata (IP, user agent, URL). Not used to inspect response bodies. |
3 · Optional sub-processors
These are engaged only if you activate a related skill or integration. You can disconnect at any time via the dashboard; on disconnect, we revoke the associated token or API key at the provider within 24 hours.
| Entity | Purpose | Location | Data processed |
|---|---|---|---|
Twilio Privacy | SMS, voice, and phone-number provisioning for voice/SMS skills | US | Phone numbers, message bodies, call audio (if voice skills activated). Customer provides their own Twilio account credentials. |
SendGrid Privacy | Alternative / high-volume email delivery for email-heavy skills | US | Email addresses + message bodies for customer-initiated email |
Google Workspace APIs Privacy | Gmail / Calendar / Drive / Business Profile integrations | US | Only what the customer authorizes via OAuth. Scopes requested are shown before customer consents. |
HubSpot, Salesforce, Pipedrive, GoHighLevel, ActiveCampaign | CRM integrations — used only by skills the customer activates | US (varies) | Contact records, deal data — only scoped to the customer's own CRM data |
Shopify, ShipStation, QuickBooks Online, Jobber, Housecall Pro | E-commerce + field service integrations — used only when customer activates the relevant skill | US (varies) | Order, customer, fulfillment, invoice data — scoped to the customer's own tenant |
DocuSign, PandaDoc | E-signature routing for contract skills | US | Contract text, signer email, signature events |
Zoom | Meeting transcripts and recordings for meeting-related skills | US | Meeting recordings, transcripts — only for meetings the customer explicitly tags for processing |
Meta (Facebook Lead Ads) Privacy | Lead-ad webhook ingestion for the Facebook Lead Ad Responder skill | US | Lead form submissions from the customer's own FB ad account |
Airtable, Notion | Database / document-store integrations | US | Records and page content the customer chooses to sync |
Klaviyo, ManyChat, Intercom | Email / messaging / chat platforms for customer-ops skills | US | Contact records, message content, event streams |
4 · Updates and objections
When we add or replace a sub-processor that processes Personal Data, we update this page and notify customers at the email address on file at least 30 days before the change takes effect.
Customers may object to a new sub-processor on reasonable data-protection grounds by replying to the notification email or writing to privacy@swarmengines.com. If we cannot resolve the objection, the objecting customer may terminate the Services for a prorated refund.