hiroi Legal
Docs Sign In
Terms of Service Privacy Policy Cookie Policy Acceptable Use
Security Policy Data Processing Agreement Subprocessors

Subprocessors

Effective Date: February 7, 2026 Last Updated: February 7, 2026

Overview

hiroi uses the following third-party service providers ("sub-processors") to process data as part of the hiroi platform. This list is maintained in accordance with our Data Processing Agreement.

Current Sub-Processors

Sub-Processor Purpose Data Processed Location
OpenAI AI conversation processing Chat messages, system prompts, knowledge base context United States
Google OAuth authentication Email address, display name, profile picture United States
ElevenLabs Voice synthesis (text-to-speech) Text content from conversations United States
Stripe Payment processing Customer ID, payment method tokens, transaction data United States

Sub-Processor Details

OpenAI

  • Service: GPT API for generating chatbot responses
  • Data processed: Conversation messages and configured system prompts are sent to OpenAI's API for response generation. Knowledge base content may be included as context.
  • Data retention by sub-processor: Subject to OpenAI's data usage policies. We use API configurations that minimize data retention by OpenAI.
  • Security: SOC 2 Type II certified

Google

  • Service: OAuth 2.0 authentication
  • Data processed: During sign-in, Google provides the user's email address, display name, and profile picture URL to hiroi.
  • Data retention by sub-processor: Subject to Google's privacy policy. hiroi does not share user data back to Google.
  • Security: SOC 2 Type II certified, ISO 27001

ElevenLabs

  • Service: Text-to-speech voice synthesis
  • Data processed: Text content from conversations is sent to ElevenLabs for voice generation when voice mode is enabled.
  • Data retention by sub-processor: Subject to ElevenLabs' data processing terms.
  • Security: Enterprise security measures

Stripe

  • Service: Payment processing and subscription management
  • Data processed: Payment method tokens, customer identifiers, and transaction metadata. hiroi does not handle or store raw payment card data.
  • Data retention by sub-processor: Subject to Stripe's data processing agreement and PCI-DSS requirements.
  • Security: PCI-DSS Level 1, SOC 2 Type II certified

Changes to Sub-Processors

In accordance with our Data Processing Agreement:

  • We notify customers at least 30 days before engaging a new sub-processor
  • Notifications are sent via email to the account owner's registered email address
  • Customers may object to new sub-processors within 14 days of notification
  • This page is updated when sub-processor changes take effect

Subscribe to Updates

To receive notifications about sub-processor changes, ensure your account email is up to date in your account settings.

Contact

For questions about our sub-processors:

hiroi - Privacy Email: [email protected]

Cookie Preferences

We use essential cookies to make our service work. You can choose to enable optional cookies for a better experience. Learn more

Cookie Preferences

Essential

Required for the service to function

Always On

Analytics

Help us understand how the service is used