Subprocessor List

Weave AI Inc. — List of Subprocessors
Last Updated: March 29, 2026
Overview
Weave AI Inc. ("Weave," "we," "us," or "our") engages certain third-party service providers ("Subprocessors") to assist in providing the Weave desktop application and related services (the "Services"). Each Subprocessor is contractually bound to process personal data only as necessary to perform the services we have engaged them to provide and in accordance with our Data Processing Agreement and applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
This document lists the Subprocessors currently authorized to process Customer Data on behalf of Weave. Capitalized terms not defined herein have the meanings set forth in our Privacy Policy and Terms of Service.
Notification of Changes
We will notify customers of any new Subprocessors or material changes to existing Subprocessors at least 30 days before authorizing them to process Customer Data. If you object to a new Subprocessor, you may notify us in writing within the 30-day notice period, and we will work with you in good faith to resolve the concern.
AI Service Providers
These Subprocessors process user prompts and messages when customers use Weave's cloud AI features. Data is transmitted only for the duration of the request and is not retained by the provider for training purposes under our agreements.
| Entity | Function | Data Processed | Location |
|---|---|---|---|
| GreenPT BV | AI chat completions via renewable-energy infrastructure | User prompts, messages, conversation context | EU (France) |
| OpenAI OpCo, LLC | AI chat completions; DALL·E image generation | User prompts, messages, conversation context; image generation prompts | United States |
| Anthropic PBC | AI chat completions | User prompts, messages, conversation context | United States |
| Google LLC (Gemini / Imagen) | AI chat completions; image generation and alteration | User prompts, messages, conversation context; image generation prompts, image alteration inputs | United States |
Infrastructure & Backend Services
These Subprocessors provide the core infrastructure that powers authentication, data storage, and server-side processing for the Services.
| Entity | Function | Data Processed | Location |
|---|---|---|---|
| Supabase, Inc. | Authentication, PostgreSQL database, Edge Functions | Email, name, hashed email, account metadata, subscription status, usage records | United States |
| Cloudflare, Inc. | Application update distribution (CDN) | App version, platform/OS identifier | United States (global edge) |
Payment Processing
| Entity | Function | Data Processed | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription management, invoicing | Email, customer ID, payment method details (card data handled directly by Stripe and never touches Weave servers) | United States |
Analytics & Error Monitoring
These Subprocessors help us understand product usage and diagnose errors. Both are configured with privacy-first defaults: no IP address collection, no personally identifiable information, and user opt-out available via Settings > Privacy.
| Entity | Function | Data Processed | Location |
|---|---|---|---|
| PostHog, Inc. | Product analytics | Anonymized usage events; no PII collected; IP collection disabled; text content masked | United States |
| Functional Software, Inc. dba Sentry | Error tracking and performance monitoring | Anonymized error reports, sanitized stack traces, app version; no PII or IP addresses collected | United States |
Search Services
| Entity | Function | Data Processed | Location |
|---|---|---|---|
| AlphaAI Technologies Inc. dba Tavily | Web search (premium feature; used as fallback to on-device search) | Search queries | United States |
Model Distribution
| Entity | Function | Data Processed | Location |
|---|---|---|---|
| Hugging Face, Inc. | Local AI model downloads | No user data transmitted; only model metadata requests (model ID, version) | United States / EU |
Subprocessor Compliance
All Subprocessors listed above maintain industry-standard security certifications or comply with recognized frameworks:
| Entity | Certifications / Frameworks |
|---|---|
| OpenAI OpCo, LLC | SOC 2 Type II, ISO 27001, ISO 27701 |
| Anthropic PBC | SOC 2 Type II, ISO 27001 |
| Google LLC | SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 |
| GreenPT BV | SOC 2 Type II, ISO 27001, EU data residency, GDPR-compliant processing |
| Supabase, Inc. | SOC 2 Type II |
| Stripe, Inc. | SOC 2 Type II, PCI DSS Level 1 |
| PostHog, Inc. | SOC 2 Type II |
| Functional Software, Inc. dba Sentry | SOC 2 Type II |
| Cloudflare, Inc. | SOC 2 Type II, ISO 27001, PCI DSS |
| AlphaAI Technologies Inc. dba Tavily | SOC 2 Type II |
| Hugging Face, Inc. | SOC 2 Type II |
Data Residency Note
Weave is a desktop application. All user-generated content (including conversations, documents, images, transcriptions, and embeddings) is stored locally on the user's device and is never uploaded to Weave servers.
Server-side data (authentication, usage metadata, billing) is hosted in the United States via Supabase. AI prompts are processed in the regions noted above and are not retained by AI providers for model training under our commercial agreements.
GreenPT BV is headquartered in Utrecht, Netherlands (Chamber of Commerce: 97084360) and processes all AI requests within EU data centres located in France, powered by 100% renewable energy. Customers who route all cloud AI through GreenPT can ensure that prompt data does not leave the EU.
Archived Subprocessors
No Subprocessors have been removed from this list to date.
Contact
For questions about this Subprocessor list or our data processing practices, or to exercise your data protection rights, contact:
Weave AI Inc.
251 Little Falls Drive, Wilmington, DE 19808
support@weavegreenai.com