Subprocessor List
Effective Date: March 25, 2026
Last Updated: March 25, 2026
Version: Public v1.0
This Subprocessor List identifies categories of third-party service providers that may process Customer Data or Personal Data on behalf of FireGroup JSC ("Company") in connection with the provision of Transcy, OneMobile, OneLoyalty, and related services (collectively, the "Services").
This list is provided for transparency and may be updated from time to time as our products, infrastructure, vendors, and operational needs evolve.
This list is intended to be read together with our Terms and Conditions, Privacy Policy, and Data Processing Addendum.
Not every subprocessor listed below will process data for every customer, product, plan, or region.
Certain Third-Party Services may be engaged directly by the customer, including through customer-selected integrations or customer-supplied API keys. Where those providers are engaged directly
by the customer, they may act independently under the customer's own contractual relationship and may not always be acting as the Company's subprocessor.
Some providers may process data from multiple locations depending on service configuration, redundancy, support model, or regional service selection.
Where required by applicable law or contract, we may provide notice of material changes to this list.
1. Core Infrastructure and Hosting
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, hosting, storage, networking, backup, and related infrastructure services | Account data, Customer Data, technical logs, support-related data, application data, backups | United States |
| Cloudflare | Content delivery, web optimization, DNS, security, traffic filtering, and related infrastructure services | IP address, device and request metadata, technical logs, website traffic data | Global (including the United States, European Union, and Asia-Pacific regions) |
2. Monitoring, Error Tracking, and Analytics Infrastructure
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| Sentry | Error tracking, diagnostics, performance monitoring, and debugging | Technical logs, error traces, device and browser data, metadata, limited Customer Data included in error context | Vietnam |
| Google Analytics | Website and product analytics | IP address, device/browser data, usage data, cookie identifiers, traffic and engagement data | Global (including the United States, European Union, and Asia-Pacific regions) |
| Google Tag Manager | Tag and script management | Website interaction data, technical event metadata, cookie-related information | Global (including the United States, European Union, and Asia-Pacific regions) |
| Amplitude | Product analytics and event measurement | Event data, device identifiers, usage patterns, account or pseudonymous identifiers, app interaction data | United States |
| Microsoft Clarity | Product analytics and event measurement | Event data, device identifiers, usage patterns, account or pseudonymous identifiers, app interaction data | Global (including the United States, European Union, and Asia-Pacific regions) |
3. Customer Support and Communications
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| Crisp | Customer support chat, ticketing, and related communication workflows | Name, email address, support messages, chat transcripts, device/browser metadata, support attachments | European Union |
| MailGun | Transactional email, support communications, and relationship management | Business contact data, communication history, marketing preferences, support-related records | United States |
4. AI, Translation, and Automated Processing Providers
The providers in this section may be involved depending on the relevant Service, feature, customer configuration, plan, and whether a customer uses its own API key or Company-managed access.
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| OpenAI | AI-assisted text generation, transformation, summarization, localization support, and related language processing | Prompts, source text, generated outputs, metadata, technical usage information | United States |
| Google Translate / Google Cloud Translation | Machine translation and related language services | Source text, translated text, metadata, language-related usage data | Global (including the United States, European Union, and Asia-Pacific regions) |
| DeepL | Machine translation and language processing | Source text, translated text, metadata, usage data | European Union |
| Baidu | Translation or AI-related language processing | Source text, translated text, prompts, outputs, metadata | China |
| Yandex | Translation or AI-related language processing | Source text, translated text, prompts, outputs, metadata | Russia |
| DeepSeek | AI-assisted language or content processing | Prompts, source text, generated outputs, metadata | China |
| Grok / xAI | AI-assisted language or content processing | Prompts, source text, generated outputs, metadata | United States |
| Claude | AI-assisted features, if applicable | Prompts, outputs, metadata, feature-specific data | United States |
Important: When a customer uses its own API key or direct account with one of the providers above, that provider may be engaged under the customer’s own relationship and terms. In such cases, the provider may not be acting solely as the Company’s subprocessor.
5. Currency, Pricing, and Related Data Providers
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| fixer.io | Currency exchange rate, pricing, and related display services | Currency pairs, pricing context, localization settings, technical request metadata | European Union |
6. Push Notification and Mobile App Services
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| Apple App Store Connect / Apple-related publishing services | iOS app publishing and distribution support | Developer account data, app metadata, app assets, limited user or operational data where applicable | Global (including the United States and European Union) |
| Google Play Console / Google-related publishing services | Android app publishing and distribution support | Developer account data, app metadata, app assets, limited user or operational data where applicable | Global (including the United States, European Union, and Asia-Pacific regions) |
| Firebase Cloud Messaging (if applicable) | Push notification delivery and related messaging support | Device tokens, push metadata, message delivery data, app identifiers | Global (including the United States, European Union, and Asia-Pacific regions) |
| Apple Push Notification service (APNs) (if applicable) | Push notification delivery for iOS apps | Device tokens, push metadata, app identifiers | Global (including the United States and European Union) |
7. Platform and Ecosystem Providers
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| Shopify | App platform, API integrations, store connection, billing, and ecosystem-related services | Store data, merchant account data, operational data, app-related metadata, usage data | Global (including the United States, Canada, and European Union) |
8. Marketing, Advertising, and Attribution Providers
| Provider | Purpose / Service | Categories of Data Potentially Processed | Primary Location / Region |
|---|---|---|---|
| Google Ads | Advertising, conversion measurement, and campaign attribution | Cookie identifiers, traffic and engagement data, conversion events, IP address, technical metadata | Global (including the United States, European Union, and Asia-Pacific regions) |
| Meta / Facebook-related tools (if applicable) | Login, remarketing, audience measurement, and campaign attribution | Cookie or advertising identifiers, engagement data, device/browser data, account-linked metadata where applicable | Global (including the United States and European Union) |
| Shopify Ads for Shopify App Store | Campaign performance and attribution | Advertising identifiers, event data, traffic data, conversion-related metadata | Global (including the United States, Canada, and European Union) |
9. Automated Decisions and Customer Responsibilities
Some features may support personalization, ranking, recommendations, language detection, search results, workflow triggers, or other automated or semi-automated experiences.
Customers are responsible for assessing whether their own use of these features triggers any obligations under applicable law, including obligations relating to: notice or transparency; consent or lawful basis; opt-out rights; profiling or automated decision-making restrictions; consumer protection disclosures; or sector-specific compliance requirements.
Where required, customers are responsible for implementing appropriate review, oversight, escalation, fallback, or human intervention processes.
10. Security, Logging, and Retention
We maintain administrative, technical, and organizational measures designed to protect data processed through AI-enabled features, taking into account the nature of the Services and the risks involved.
Depending on the feature and configuration, we may log prompts, outputs, technical events, error traces, rate-limit signals, routing choices, or related metadata for purposes such as: service delivery; debugging and troubleshooting; fraud, abuse, and security monitoring; performance measurement; quality assurance; and product support and maintenance.
We do not retain such data longer than reasonably necessary for the purposes described above, subject to our retention practices, legal obligations, contractual commitments, backup cycles, and security needs.
11. Prohibited and Restricted Uses
Customers must not use AI-enabled features in a manner that: violates applicable law, regulation, or third-party rights; involves unlawful, deceptive, harmful, abusive, discriminatory, or infringing content; submits restricted sensitive data in violation of our Terms, Privacy Policy, or service documentation; attempts to generate harmful instructions, malware, fraud content, or other abusive outputs; misleads end users into believing outputs are fully human-reviewed when they are not; or creates unacceptable legal, operational, platform, or reputational risk for the Company, third parties, or end users.
We may suspend, restrict, or disable AI-enabled features where reasonably necessary to address legal, security, abuse, or platform risks.
12. International Data Transfers
AI-enabled workflows may involve processing by providers or infrastructure located outside the EEA, UK, Switzerland, or the customer’s home jurisdiction.
Where required by applicable law, we use appropriate safeguards for international transfers, which may include Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, contractual commitments, or other lawful transfer mechanisms.
Additional information is available in our Privacy Policy and DPA where applicable.
13. Changes to AI Features and This Notice
We may update AI-enabled features, providers, models, service logic, safety controls, and this Notice from time to time to reflect changes in technology, law, product design, vendor relationships, or operational practices.
Where we make material changes, we may provide notice through the Services, our website, email, or related documentation.
The “Last Updated” date above reflects the most recent revision date for this Notice.
14. Contact
For questions about AI-enabled processing, privacy, subprocessors, or contractual data protection terms, please contact:
FireGroup JSC
F21-22, 182 Le Dai Hanh St., Ward 15, District 11, HCMC.
General Support –
– Transcy: [email protected]
– OneMobile / OneLoyalty: [email protected]
15. Other Legal Documents
We encourage you to review the following related legal documents so you better understand your rights, how your data is protected, and what to expect from our services:
– Terms and Conditions: The overall binding agreement governing your use of OneMobile’s services
– Privacy Policy: How we collect, use, and safeguard your personal data
– Data Processing Addendum (DPA): The terms under which we process personal data on your behalf
– AI Processing Notice: How your data is processed in connection with our AI features
Don't find the answer? We can help, click here to contact
