← Chem IRL Solutions
Data processing addendum
Last updated: 11 June 2026
When Chem IRL Solutions handles your customers' emails, you are the data controller and Chem IRL Solutions acts as a processor under GDPR. In summary:
- We process email content solely to provide the service you configure — drafting, tagging, and sending replies.
- Data is hosted in the EU (Supabase, eu-west-1). OAuth tokens are encrypted at rest with AES-256-GCM.
- Subprocessors: Vercel (hosting & AI gateway), Supabase (database), AI model providers via Vercel AI Gateway (inference; API data not used to train their models), Google (Gmail API), Stripe (payments), Resend (transactional email).
- We notify customers of personal-data breaches without undue delay and assist with data-subject requests.
- On termination, workspace data is deleted; inbox credentials are deleted immediately on disconnect.
A signable DPA (with the full subprocessor list and SCCs where applicable) is available on request: [add a monitored contact email before publishing].