Subprocessors
Effective date: 2026-06-01 · Last updated: 2026-06-01
Anrie is a product of Unreal Labs, Inc. (anrie.ai). This page lists the third-party companies ("subprocessors") that we engage to help us provide Anrie, and the categories of data each may process on our behalf.
What is a subprocessor?
A subprocessor is a third-party service provider that processes personal or customer data on our behalf in the course of delivering Anrie. Examples include our cloud host, the providers that run the AI models behind the Anrie agent, our error-monitoring tool, and the platforms that customers explicitly connect to Anrie.
Our commitment
- Data Processing Agreements (DPAs). We enter into a DPA or equivalent contractual data-protection terms with each subprocessor before it processes customer data, including obligations consistent with applicable data-protection law (e.g. GDPR Article 28).
- Security review. We assess each subprocessor's security posture before engagement and on an ongoing basis.
- Data residency. Anrie's primary infrastructure runs in the European Union (Google Cloud
europe-west1, Belgium), with data encrypted at rest and TLS enforced in transit. Some subprocessors process data in their own cloud regions; in those cases we rely on contractual safeguards (DPA, Standard Contractual Clauses, or an equivalent transfer mechanism) to ensure an equivalent level of protection. - Slack content scope. Anrie only stores Slack content from channels where the Anrie bot has been added, so the agent can maintain conversation context. Anrie does not access or store content from channels where it has not been invited. Stored Slack content is held on EU-hosted infrastructure (Google Cloud,
europe-west1) and is processed by the GCP subprocessor listed below. See our Privacy Policy §4.2 for details and deletion options. - Company HQ: San Francisco, CA, USA — Unreal Labs, Inc. (a Delaware corporation), with a UK affiliate, London Unreal Labs Ltd (company number 16697867), acting as our establishment in the United Kingdom.
Anrie Subprocessors
The following third parties process Customer data on Anrie's behalf as our subprocessors. We maintain a Data Processing Agreement (or equivalent contractual data-protection terms) with each, and review their security and privacy practices on an ongoing basis.
| Subprocessor | Purpose | Data categories processed | Processing location |
|---|---|---|---|
| Google Cloud Platform (GCP) | Primary cloud host. Runs all Anrie services and isolated agent sandbox pods; Vertex AI serves the Claude models for agent reasoning; Cloud Storage, Cloud SQL (PostgreSQL), BigQuery, Pub/Sub, Cloud Run, and Filestore back the platform. | Customer prompts and chat content, uploaded creative assets/images, generated ad creatives and reports, agent execution logs, ad-performance data, Slack message content transiting agent reasoning, account/workspace identity | EU — europe-west1 (Belgium). Vertex AI region is set to global. |
| Cloudflare | DNS, TLS termination, DDoS/WAF protection, and CDN/edge for anrie.ai; also gates internal/preview surfaces via Cloudflare Access. | Network-layer request metadata; TLS termination for traffic to anrie.ai (transits customer web and Slack-ingress requests) | Cloudflare global edge network |
| Anthropic (Claude) | LLM provider for the core Anrie agent. Served through Google Vertex AI for the agent runtime; a separate direct Anthropic API path exists in the media/creative-generation pipeline. | Customer chat/prompt content, system prompts, tool inputs/outputs, and data the agent reasons over (Slack messages, ad data, creative briefs) | Served via Google Vertex AI (GCP, project region global) for the agent runtime; api.anthropic.com when the direct-API path is used |
| Slack | Primary chat surface for Anrie. Handles OAuth install, inbound/outbound messages, files, and reactions for the Anrie Slack coworker. | Customer Slack messages, files/attachments, reactions, channel/workspace identifiers, user identities, OAuth tokens | Slack cloud (slack.com / api.slack.com) |
| Pipedream | Integration broker for customer-connected platforms. Holds OAuth tokens and brokers calls to customer-connected business apps (see Customer-Connected Platforms below). | OAuth tokens and account-connection metadata for connected platforms; data fetched from those platforms passes through Pipedream | Pipedream cloud (api.pipedream.com, remote.mcp.pipedream.net) |
| Sentry | Error/crash and performance monitoring across the Anrie frontend, communications service, egress proxy, and pipelines. | Error events, stack traces, request/runtime context, release/environment metadata; potentially incidental PII in error payloads | Sentry cloud, EU region (Germany, ingest.de.sentry.io) |
| OpenAI | LLM/media provider on the creative-generation path (GPT agents; moderation and image/video generation). | Prompts/chat content for GPT agents; content sent for moderation; image/video generation inputs and outputs | OpenAI cloud (api.openai.com) |
| Google Gemini / Vertex AI (generative models) | Image/video generation and vision on the creative-generation path. Distinct from the Vertex path that serves Claude. | Prompts, images and reference assets for generation/vision; generated image/video outputs | Google cloud (Gemini API and Vertex AI) |
| Fal.ai | Media-generation broker on the creative path (video/lipsync/image models). | Creative generation inputs (images, prompts, reference assets) and generated video/image outputs | Fal cloud (fal.ai / fal.run) |
| ElevenLabs | Text-to-speech / voice generation and voice cloning on the creative-generation path. | Text scripts for TTS, generated audio, voice samples for voice cloning (may include brand/customer voices) | ElevenLabs cloud (api.elevenlabs.io) |
| Hedra | AI video/avatar generation on the creative-generation path. | Creative generation inputs and generated video outputs | Hedra cloud |
| HeyGen | AI avatar/video generation used by the Anrie agent (avatar, video, and translate skills) via the agent egress proxy. | Creative briefs/scripts and avatar/video generation inputs and outputs (may include customer brand content) | HeyGen cloud (api.heygen.com) |
| xAI (Grok) | LLM provider available on the creative-generation path (Grok reasoning models; Grok image/video via Fal). Not part of the core Anrie chat agent reasoning. | Prompts/reasoning inputs and outputs | xAI cloud (api.x.ai) |
Customer-Connected Platforms
When you connect a third-party platform to Anrie, Anrie acts on your behalf to read from and write to that platform. These platforms are not Anrie subprocessors — your use of them is governed by your direct relationship with each platform under their own terms and privacy policies. Anrie does not control how these platforms process your data outside of the actions you direct Anrie to perform. The underlying OAuth tokens are held by Pipedream (see above).
| Platform | Data accessed when connected | Processing location |
|---|---|---|
| Meta (Facebook) Marketing / Graph API | Ad-account data: campaigns, ad sets, ads, performance/spend metrics | Meta cloud (graph.facebook.com), brokered via Pipedream |
| Google Ads | Ad-campaign data; performance/conversion metrics | Google cloud, brokered via Pipedream |
| Shopify | Store product catalog, collections, store metadata, promotion context | Shopify cloud, brokered via Pipedream |
| HubSpot | CRM data: contacts, companies, deal pipeline; campaign notes | HubSpot cloud, brokered via Pipedream |
| Notion | Pages, databases, and document content | Notion cloud, brokered via Pipedream |
| Google Sheets | Spreadsheet content: planning sheets, creative briefs, exported performance summaries | Google cloud, brokered via Pipedream |
Slack conversation history: To give the Anrie agent context, we store Slack channel history from channels where the Anrie bot has been added. This content is retained on EU-hosted infrastructure (GCP
europe-west1, with a BigQuery archive in the same region) and is processed by the GCP subprocessor listed above. You can have your stored Slack content deleted at any time by emailing [email protected]; we delete it within 30 days of a verified request.
Changes to this list
We will provide reasonable prior notice of any new subprocessor that materially affects how Customer data is processed, by updating this page and by email or in-product notice to workspace administrators. Customers subject to GDPR or UK GDPR may object to a new subprocessor; if the objection cannot be resolved, the Customer may terminate the affected portion of the Service.
To be notified of changes, or for any questions about our subprocessors or data processing, contact us at [email protected].