List of Subprocessors
Last Updated: March 20, 2026
Chroma Inc. and its affiliates (“Chroma,” “we,” “our,” and/or “us”) utilize the following subprocessors in the delivery of the Chroma service. These subprocessors may process Customer Personal Data on our behalf when we provide services to our business customers.
| Category | Subprocessor | Security and Privacy Information | Location of Processing |
|---|---|---|---|
| Cloud Infrastructure | Amazon Web Services (AWS) | Security, Privacy, Trust Center | USA |
| Cloud Infrastructure | Google Cloud Platform (GCP) | Security, Privacy, Trust Center | EU |
| Web Hosting | Vercel | Security, Privacy, Trust Center | Processing performed at the data center closest to the end user. View regions |
| Authentication | WorkOS | Security, Privacy | USA |
| AI Services | OpenAI | Security, Privacy, Trust Center | USA |
| AI Services | Google Gemini | Security, Privacy, Trust Center | USA |
| AI Services | MorphLLM | Security, Privacy | USA |
| AI Services | VoyageAI | Privacy, Trust Center | USA |
| Payment Processing | Stripe | Security, Privacy | USA |
| Payment Analytics | Orb | Security, Privacy | USA |
| Product Analytics | PostHog | Security, Privacy | USA & EU |
| Customer Communication | Slack | Security, Privacy, Trust Center | USA |
| Email Marketing | Loops | Privacy | USA |
| Email Processing | Postmark | Security, Privacy | USA |
| Compute Services | Modal | Security, Privacy | USA |
| Document Processing | Datalab | Privacy | USA |
Notes
AI Services:
- Google Gemini, VoyageAI & MorphLLM: Only used when customers perform semantic queries in the UI and specifically select to send data to these providers.
Data Processing Details
All subprocessors listed above are bound by data processing agreements that require them to process Customer Personal Data only on our documented instructions and in compliance with applicable data protection laws.
Contact
For updates to this list or questions about our subprocessors, please contact us at support@trychroma.com.