Third-party providers, disclosed.
Vovance Inc. may engage third-party service providers to deliver Rumbe AI. A provider is listed as a subprocessor only when it processes customer personal data on behalf of Vovance Inc. for the contracted service.
Production validation required
Only vendors actually used in the relevant production deployment should be published. The list below is a disclosure framework and must be completed with legal entity names, processing purpose, data categories, location, transfer mechanism, and current status.
| Category | Potential Provider | Processing Purpose | Publication Status |
|---|---|---|---|
| AI model services | OpenAI | Generate or process approved AI requests | Confirm production use and account controls |
| AI model services | Groq | Generate or process approved AI requests | Confirm production use and account controls |
| AI model services | Google Gemini | Real-time or text model processing where enabled | Confirm production use and account controls |
| Email delivery | ZeptoMail or configured SMTP provider | Transactional and support email | List the actual production provider |
| Payment processing | Stripe | Subscription, invoice, payment, and billing events | Confirm scope and contracting entity |
| Object storage | S3-compatible storage provider | Store approved attachments and files | Identify the actual provider and region |
| Vector infrastructure | ChromaDB hosting or self-hosted | Store and retrieve knowledge embeddings | State whether self-hosted |
| Cloud hosting | Production cloud or data-center provider | Application, database, network, and backup hosting | Identify actual provider and regions |
| Analytics / monitoring | To be confirmed | Product analytics, error monitoring, or security logging | List only if enabled |
Required disclosure fields
For each subprocessor, publish:
- —Legal entity name
- —Service category
- —Purpose of processing
- —Types of customer data involved
- —Primary processing locations
- —International transfer mechanism where applicable
- —Date added or last updated
- —Link to provider privacy/security information
- —Whether the provider is optional or feature-dependent
Customer notification
The applicable DPA should define how Vovance Inc. notifies customers of material subprocessor changes and how customers may raise a reasonable data-protection objection.
Bring Your Own LLM Key
BYOL may change the commercial and technical relationship with an AI provider, but it does not automatically remove the provider from the data flow. The parties should determine whether the provider acts directly for the customer, as a Vovance subprocessor, or under another role.
Self-hosted components
When a component such as ChromaDB is self-hosted within Vovance-controlled infrastructure, it should be described as an internal component rather than an external subprocessor. The underlying cloud host may still be a subprocessor.
Frequently asked questions
Are all providers in this framework confirmed subprocessors?+
No. The production deployment must be validated before publication. Only vendors actually processing customer personal data should be listed.
Is OpenAI always used?+
Rumbe supports multiple providers and organization-level configuration. Actual provider use depends on the selected model and deployment.
Does BYOL remove the need to disclose an AI provider?+
Not automatically. The provider remains in the processing flow, though its legal role may differ.
How will customers learn about changes?+
The executed DPA should define notice timing, communication method, and objection rights.
Evaluate Rumbe AI for your environment.
Vovance Inc. can discuss Rumbe AI’s contracts, controls, deployment assumptions, and commercial options for your use case.