Subprocessors
The following sub-processors are engaged by Saltfish AB. Each sub-processor may process personal data in order to deliver its services.
Vendor
Purpose
Location
Data types
Google Cloud Services (GCS)
Cloud hosting, storage, authentication
EU
Customer Content, Outputs, telemetry, authentication
Stripe
Payment processing
EU/US
Billing metadata (name, email, plan, address)
Fal.ai (Features & Labels Inc.)
Avatar media generation (video/audio rendering)
US
Creator recordings (video/audio), generated Outputs
ElevenLabs
Audio generation (text-to-speech)
US
Customer scripts/text, generated audio
Google Workspace
Email & support
EU
Customer contact info, support messages
Slack
Customer support via shared channels
EU
Customer contact info, support messages, feedback
Posthog
Product analytics
EU
Usage telemetry, event tracking
GDPR compliance and data transfers
Saltfish AB is established in Sweden and subject to the General Data Protection Regulation (GDPR) for all processing activities, regardless of where data is stored or processed.
EU/EEA processing: Where possible, sub-processors are configured to use EU/EEA data centers to minimize cross-border transfers.
Transfers outside the EU/EEA: Certain sub-processors (e.g. media-generation providers) may process personal data on global infrastructure, including in the United States.
Safeguards: Where such transfers occur, Saltfish relies on the European Commission’s Standard Contractual Clauses (SCCs), together with supplementary measures, as described in our DPA.
No training: Neither Saltfish nor its sub-processors use Customer Content, Outputs, or Personal Data for model training or product improvement.
Deletion: Sub-processors are required to delete personal data in line with Saltfish’s DPA timelines, subject to unavoidable technical retention limits disclosed to Customers.
Notice and objection: Saltfish provides at least 30 days’ prior notice of material changes to this list. Customers may object on reasonable privacy or security grounds in accordance with the DPA.