Subprocessor List
Effective Date: March 25, 2026
Last Updated: March 25, 2026
Version: Public v1.0
This Subprocessor List identifies categories of third-party service providers that may process Customer Data or Personal Data on behalf of FireGroup JSC (“Company“) in connection with the provision of Transcy, OneMobile, OneLoyalty, and related services (collectively, the “Services“).
This list is provided for transparency and may be updated from time to time as our products, infrastructure, vendors, and operational needs evolve.
Important Notes
- This list is intended to be read together with our Terms and Conditions, Privacy Policy, and Data Processing Addendum.
- Not every subprocessor listed below will process data for every customer, product, plan, or region.
- Certain Third-Party Services may be engaged directly by the customer, including through customer-selected integrations or customer-supplied API keys. Where those providers are engaged directly by the customer, they may act independently under the customer’s own contractual relationship and may not always be acting as the Company’s subprocessor.
- Some providers may process data from multiple locations depending on service configuration, redundancy, support model, or regional service selection.
- Where required by applicable law or contract, we may provide notice of material changes to this list.
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| Amazon Web Services (AWS) | Cloud infrastructure, hosting, storage, networking, backup, and related infrastructure services | Account data, Customer Data, technical logs, support-related data, application data, backups | United States |
| Cloudflare | Content delivery, web optimization, DNS, security, traffic filtering, and related infrastructure services | IP address, device and request metadata, technical logs, website traffic data | Global (including the United States, European Union, and Asia-Pacific regions) |
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| Sentry | Error tracking, diagnostics, performance monitoring, and debugging | Technical logs, error traces, device and browser data, metadata, limited Customer Data included in error context | Vietnam |
| Google Analytics | Website and product analytics | IP address, device/browser data, usage data, cookie identifiers, traffic and engagement data | Global (including the United States, European Union, and Asia-Pacific regions) |
| Google Tag Manager | Tag and script management | Website interaction data, technical event metadata, cookie-related information | Global (including the United States, European Union, and Asia-Pacific regions) |
| Amplitude | Product analytics and event measurement | Event data, device identifiers, usage patterns, account or pseudonymous identifiers, app interaction data | United States |
| Microsoft Clarity | Product analytics and event measurement | Event data, device identifiers, usage patterns, account or pseudonymous identifiers, app interaction data | Global (including the United States, European Union, and Asia-Pacific regions) |
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| Crisp | Customer support chat, ticketing, and related communication workflows | Name, email address, support messages, chat transcripts, device/browser metadata, support attachments | European Union |
| MailGun | Transactional email, support communications, and relationship management | Business contact data, communication history, marketing preferences, support-related records | United States |
The providers in this section may be involved depending on the relevant Service, feature, customer configuration, plan, and whether a customer uses its own API key or Company-managed access.
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| OpenAI | AI-assisted text generation, transformation, summarization, localization support, and related language processing | Prompts, source text, generated outputs, metadata, technical usage information | United States |
| Google Translate / Google Cloud Translation | Machine translation and related language services | Source text, translated text, metadata, language-related usage data | Global (including the United States, European Union, and Asia-Pacific regions) |
| DeepL | Machine translation and language processing | Source text, translated text, metadata, usage data | European Union |
| Baidu | Translation or AI-related language processing | Source text, translated text, prompts, outputs, metadata | China |
| Yandex | Translation or AI-related language processing | Source text, translated text, prompts, outputs, metadata | Russia |
| DeepSeek | AI-assisted language or content processing | Prompts, source text, generated outputs, metadata | China |
| Grok / xAI | AI-assisted language or content processing | Prompts, source text, generated outputs, metadata | United States |
| Claude | AI-assisted features, if applicable | Prompts, outputs, metadata, feature-specific data | United States |
Important: When a customer uses its own API key or direct account with one of the providers above, that provider may be engaged under the customer’s own relationship and terms. In such cases, the provider may not be acting solely as the Company’s subprocessor.
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| fixer.io | Currency exchange rate, pricing, and related display services | Currency pairs, pricing context, localization settings, technical request metadata | European Union |
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| Apple App Store Connect / Apple-related publishing services | iOS app publishing and distribution support | Developer account data, app metadata, app assets, limited user or operational data where applicable | Global (including the United States and European Union) |
| Google Play Console / Google-related publishing services | Android app publishing and distribution support | Developer account data, app metadata, app assets, limited user or operational data where applicable | Global (including the United States, European Union, and Asia-Pacific regions) |
| Firebase Cloud Messaging (if applicable) | Push notification delivery and related messaging support | Device tokens, push metadata, message delivery data, app identifiers | Global (including the United States, European Union, and Asia-Pacific regions) |
| Apple Push Notification service (APNs) (if applicable) | Push notification delivery for iOS apps | Device tokens, push metadata, app identifiers | Global (including the United States and European Union) |
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| Shopify | App platform, API integrations, store connection, billing, and ecosystem-related services | Store data, merchant account data, operational data, app-related metadata, usage data | Global (including the United States, Canada, and European Union) |
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region* |
| Google Ads | Advertising, conversion measurement, and campaign attribution | Cookie identifiers, traffic and engagement data, conversion events, IP address, technical metadata | Global (including the United States, European Union, and Asia-Pacific regions) |
| Meta / Facebook-related tools (if applicable) | Login, remarketing, audience measurement, and campaign attribution | Cookie or advertising identifiers, engagement data, device/browser data, account-linked metadata where applicable | Global (including the United States and European Union) |
| Shopify Ads for Shopify App Store | Campaign performance and attribution | Advertising identifiers, event data, traffic data, conversion-related metadata | Global (including the United States, Canada, and European Union) |
Customers may choose to connect additional third-party applications, analytics tools, APIs, or service providers on or outside the Shopify ecosystem. Those integrations are enabled at the customer’s direction.
Such providers may receive Customer Data or Personal Data depending on the configuration selected by the customer. In many cases, those providers operate under the customer’s own agreement and privacy terms and may not be acting as the Company’s subprocessor.
Customers are responsible for reviewing and approving the privacy and security posture of any customer-selected integration.
Some subprocessors may process data outside the EEA, UK, Switzerland, or the customer’s local jurisdiction. Where required by applicable law, the Company uses appropriate safeguards for cross-border transfers, which may include Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, contractual commitments, or other lawful transfer mechanisms.
We may update this Subprocessor List from time to time to reflect changes in our infrastructure, vendors, service providers, or product functionality. The “Last Updated” date above reflects the date of the latest revision.
Where required by applicable law or contract, we may provide notice of material changes through email, in-product notice, or related legal documentation.
For subprocessor questions, privacy inquiries, DPA requests, or related compliance matters, please contact: F21-22, 182 Le Dai Hanh St., Ward 15, District 11, HCMC.
General Support – Transcy: [email protected]
General Support – OneMobile / OneLoyalty: [email protected]
We encourage you to review the following related legal documents so you can better understand your rights, how your data is protected, and what to expect from our services:
- Terms and Conditions: The overall binding agreement governing your use of OneLoyalty’s services
- Privacy Policy: How we collect, use, and safeguard your personal data
- Data Processing Addendum (DPA): The terms under which we process personal data on your behalf
- AI Processing Notice: How your data is processed in connection with our AI features