Sub-Processor List
The categories of sub-processors ChefSphere engages to deliver the Service, what they process, where they operate, the legal basis for the transfer, and how we notify you before adding a new one.
This page lists the categories of sub-processors engaged by ChefSphere OÜ ("ChefSphere") to deliver the Service. It supplements the Privacy Policy §5 (which identifies the categories of recipients in prose) and supports our obligations under Art. 28 GDPR and under any Data Processing Agreement ("DPA") we sign with a customer. It is published in category form by design: naming vendors individually is not required under Art. 13/14 GDPR, and vendor-level detail can change without any effect on the personal data processed. Enterprise customers can request a named-vendor DPA schedule by writing to [email protected].
1. Legal basis for engaging sub-processors
- Each sub-processor is engaged under a written data-processing agreement that meets the requirements of Art. 28(3) GDPR: confidentiality, security, sub-processor controls, assistance with data-subject rights, deletion or return at the end of the service, audit cooperation, and flow-down on their sub-processors.
- We perform a vendor-risk assessment before engagement. For any transfer of personal data outside the EEA we run a Transfer Impact Assessment under EDPB Recommendations 01/2020 and document the legal basis of the transfer (adequacy, DPF, SCCs) and the technical and organisational safeguards we apply.
- Every sub-processor has a documented purpose limitation: they may only process the data we send them to perform the specific task we engaged them for.
- We review the list at least annually, and on any material change.
2. Categories in active use
The table below describes the categories ChefSphere engages. Categories marked EEA operate entirely inside the European Economic Area. Categories marked EEA + non-EEA involve at least one vendor whose production region is outside the EEA; the transfer basis is listed.
| # | Category | Purpose (what they process) | Region | Transfer basis |
|---|---|---|---|---|
| 1 | Cloud hosting and object storage providers | Application and data hosting; user-uploaded media; recipe and ebook files; database snapshots. | EEA primary; hot-standby in-region. | N/A (EEA). |
| 2 | Content delivery and edge security providers | Caching of public media; Web Application Firewall; bot mitigation; DDoS absorption. | Global edge; EEA terminations preferred. | SCCs (Dec. 2021/914) for non-EEA edge PoPs, supplemented by encryption in transit and at rest. |
| 3 | Payment processors and subscription billing providers (web) | Card tokenisation, charging, refund, payout; VAT / tax calculation; DAC7 seller reporting. | EEA and US processors. | DPF (Decision (EU) 2023/1795) where the processor is certified; SCCs otherwise. |
| 4 | App Store and Google Play billing | In-app purchases and subscriptions on iOS and Android. Joint controllership with the store per the store's published terms. | US / EEA. | DPF or SCCs depending on the store entity. |
| 5 | Marketplace payment and identity-verification providers | KYC identity verification for sellers and authors; bank account capture; Stripe Connect onboarding. | EEA + US. | DPF / SCCs. |
| 6 | Transactional email delivery providers | Account, billing, security, and transactional email. No marketing. | EEA preferred; EU endpoints selected. | SCCs if non-EEA endpoint is selected. |
| 7 | Push-notification gateway providers | Delivery of push notifications to Apple and Google user devices. | US endpoints are inherent to APNs / FCM. | DPF / SCCs; device token only, no content payload outside transport encryption. |
| 8 | Real-time messaging and WebSocket providers | In-app chat delivery, presence, typing indicators, live reactions. | EEA. | N/A (EEA). |
| 9 | Live video and audio streaming providers | Chef Lives broadcast fan-out, recording, low-latency RTMP / HLS / WebRTC relay. | EEA + global edge. | SCCs for non-EEA relay edges. |
| 10 | AI / machine-learning model providers (text) | Powering AI Chef conversational assistant. | EEA-residency contract where offered; otherwise US. | DPF / SCCs + contractual no-training clause; no personal identifiers sent. See AI Disclosure §4. |
| 11 | AI / machine-learning model providers (vision / multimodal) | Fridge and food photo analysis, ingredient identification, accessibility alt-text suggestions. | EEA-residency contract where offered; otherwise US. | DPF / SCCs + contractual no-training clause. |
| 12 | AI / moderation classifier providers (text and image) | Automated content-safety screening before publication (CSAM, terror, hate, nudity, self-harm, prohibited goods). | EEA + US. | DPF / SCCs; classifier output retained; raw content purged on the provider side per §4 of the provider's retention schedule. |
| 13 | Shipping, logistics, and parcel-tracking providers | Carrier-label generation, rate shopping, tracking for worldwide Tools Marketplace orders. | EEA + US. | DPF / SCCs. |
| 14 | Error-monitoring, performance, and observability providers | Crash reports, structured logs, application performance metrics, uptime pings. | EEA data-residency option enabled. | N/A (EEA) where enabled; SCCs otherwise. |
| 15 | Analytics providers (first-party, minimal) | Aggregated Website analytics; no advertising cookies; GPC-respecting. | EEA data-residency option enabled. | N/A (EEA) where enabled. |
| 16 | Customer support tooling | Support ticket system; helpdesk; email handling for [email protected] and legal inboxes. | EEA. | N/A (EEA). |
3. What we do not use
- Advertising / retargeting networks. We do not run third-party behavioural advertising on the Service and therefore engage no advertising vendor.
- Data brokers. We neither buy personal data from a data broker nor sell personal data to one.
- Large consumer-data enrichment APIs. We do not enrich user profiles with data purchased from a third party.
- Voice-assistant / biometric fingerprinting SDKs. None are integrated.
4. Sub-sub-processors
Each sub-processor in §2 may engage its own processors to operate its infrastructure (e.g. a cloud provider running a transactional-email service). Those are documented in the sub-processor's public sub-processor list or in their DPA. Our DPA with each vendor prohibits a sub-processor from engaging a further sub-processor that is not in its published list without giving ChefSphere a reasonable opportunity to object.
5. Change-notice policy
- We aim to notify users of material changes to this list — adding a new category, or adding a vendor that processes personal data in a new region — at least 15 calendar days before the change takes effect. Notice is given on this page and by email to customers who have subscribed to the sub-processor update feed.
- A shorter notice period may apply where law, security, or an operational emergency requires faster action.
- A favourable change (for example moving a processor from non-EEA to EEA-only) takes effect immediately.
To subscribe to change notices for this page, send a message with subject "Subscribe: Sub-processor updates" to [email protected]. We maintain a dedicated notice mailing list for that purpose.
6. Requesting a named-vendor DPA schedule
Enterprise customers, authorities, and researchers may request a named-vendor schedule of the sub-processors we engage, with identification of each vendor, its corporate group, its primary processing region, and its role in the data flow. Requests are reviewed by the Legal and DPO teams.
- Email: [email protected] with subject "Named-vendor DPA schedule".
- Turnaround: usually 10 business days. We may ask for additional identification or a confidentiality undertaking before releasing the named schedule.
7. International transfers
All transfers outside the EEA are documented in our Transfer Register, which is available to Data Protection Authorities on request under Art. 30 GDPR. The public summary:
- United Kingdom: adequacy under Commission Decision (EU) 2021/1772.
- United States: adequacy under the EU–US Data Privacy Framework (Implementing Decision (EU) 2023/1795) where the US processor is self-certified to the DPF and the transfer falls within the scope of its certification.
- Other third countries: Commission Standard Contractual Clauses (Decision (EU) 2021/914) supplemented by a Transfer Impact Assessment where required by EDPB Recommendations 01/2020.
The full catalogue of decisions and the SCC modules used for each vendor is available to enterprise customers on signature of a mutual confidentiality agreement.
8. Your rights
You have every right listed in the Privacy Policy §9, including access, rectification, erasure, restriction, portability, and objection. A data-subject request can ask specifically which categories of sub-processor have received your personal data and for what purpose. Send the request to [email protected] or use the in-app Privacy Controls.
9. Changes
We update this page when a sub-processor category is added, removed, or materially changed. The effective date and version at the top of this page control.
10. Contact
- DPO: [email protected]
- Privacy / data subject requests: [email protected]
- Enterprise DPAs: [email protected]