← Chem IRL Solutions

Data processing addendum

Last updated: 11 June 2026

When Chem IRL Solutions handles your customers' emails, you are the data controller and Chem IRL Solutions acts as a processor under GDPR. In summary:

  • We process email content solely to provide the service you configure — drafting, tagging, and sending replies.
  • Data is hosted in the EU (Supabase, eu-west-1). OAuth tokens are encrypted at rest with AES-256-GCM.
  • Subprocessors: Vercel (hosting & AI gateway), Supabase (database), AI model providers via Vercel AI Gateway (inference; API data not used to train their models), Google (Gmail API), Stripe (payments), Resend (transactional email).
  • We notify customers of personal-data breaches without undue delay and assist with data-subject requests.
  • On termination, workspace data is deleted; inbox credentials are deleted immediately on disconnect.

A signable DPA (with the full subprocessor list and SCCs where applicable) is available on request: [add a monitored contact email before publishing].