Last Updated: May 13, 2026
In accordance with our Data Processing Addendum, StarZero (It Just Works, Inc.) engages the following sub-processors to process personal data on behalf of our customers. We will update this page at least 30 days before engaging a new sub-processor or replacing an existing one.
To receive email notifications of sub-processor changes, contact us at [email protected].
| Sub-Processor | Purpose | Data Processed | Processing Location |
|---|---|---|---|
| Google Cloud Platform (Google LLC) | Cloud infrastructure, compute, storage, and database services | All customer Inputs, Outputs, Materials, and Face Embedding Data | United States |
| Google Gemini (Google LLC) | AI model services for chat-based interaction with video content and agentic Skill execution | Customer Inputs (video content, metadata, text instructions) and generated Outputs | United States |
| OpenAI, Inc. | AI model services for content analysis, text generation, and Skill execution | Customer Inputs (video content, metadata, text instructions) and generated Outputs | United States |
| Anthropic, PBC | AI model services for content analysis, text generation, and Skill execution | Customer Inputs (video content, metadata, text instructions) and generated Outputs | United States |
| Cloudflare, Inc. | Content delivery network, video streaming, DDoS protection, and web application firewall | Customer Inputs (video files), Outputs (processed video content), and network metadata | Global (edge locations worldwide) |
| Stripe, Inc. | Payment processing, billing, and subscription management | Customer name, email address, billing address, and payment method details | United States |
Notes
- Data minimization. We transmit only the data necessary for each sub-processor to perform its designated function. For example, Cloudflare receives video content for delivery but does not process Face Embedding Data, and Stripe receives only billing-related information.
- Contractual safeguards. Each sub-processor is bound by a data processing agreement imposing obligations no less protective than those in our DPA.
- International transfers. Where a sub-processor processes data outside the EEA, UK, or Switzerland, appropriate transfer mechanisms (such as Standard Contractual Clauses or adequacy decisions) are in place.
Change Log
| Date | Change |
|---|---|
| May 13, 2026 | Initial publication |
For questions about our sub-processors, contact [email protected].