Subprocessor Disclosure
Last Updated: January 12, 2026
This Subprocessor Disclosure describes the third-party subprocessors engaged by Hexel Studio, Inc. ("Hexel," "we," "us") to process Personal Data on behalf of customers in connection with the Services.
This document forms part of the Data Processing Addendum (DPA) and is incorporated by reference into the Terms and Conditions.
1. Purpose of This Disclosure
Hexel may engage carefully selected third parties ("Subprocessors") to support delivery of the Services, including infrastructure, security, monitoring, and AI model execution.
This disclosure provides transparency into:
- The categories of subprocessors used
- The nature of processing performed
- Customer rights with respect to changes
2. General Principles
Hexel applies the following principles to subprocessors:
- Subprocessors are engaged only as necessary to deliver the Services
- Subprocessors are contractually bound to:
- Process data only on Hexel's instructions
- Implement appropriate security measures
- Maintain confidentiality
Hexel remains responsible for subprocessor compliance under the DPA
3. Categories of Subprocessors
Hexel may engage subprocessors in the following categories:
3.1 Cloud Infrastructure Providers
Used for compute, storage, networking, and managed services.
Processing Activities:
- Hosting platform components
- Storing encrypted customer data
- Executing agent workloads
3.2 AI Model and Inference Providers
Used only where enabled by the customer.
Processing Activities:
- Processing Inputs to generate Outputs
- Returning model responses to the platform
Customers control which models are enabled and which data is transmitted.
3.3 Monitoring, Logging, and Observability Providers
Used to ensure platform reliability, security, and auditability.
Processing Activities:
- Receiving operational logs and metrics
- Supporting incident detection and response
3.4 Security and Compliance Vendors
Used to maintain security posture.
Processing Activities:
- Vulnerability scanning
- Incident response support
- Access monitoring
3.5 Payment and Billing Providers
Used to process payments and invoices.
Processing Activities:
- Processing billing and payment data
- Fraud prevention
Hexel does not store full payment card details.
4. Current Subprocessors
As of the date above, Hexel may engage subprocessors that include, but are not limited to:
- Cloud infrastructure providers
- AI model providers selected by customers
- Observability and monitoring providers
- Payment processors
Specific subprocessor names may vary by region, customer configuration, and enabled features.
5. Subprocessor Updates and Notifications
Hexel may add or replace subprocessors from time to time.
- Material changes will be communicated through the Services or via email
- Customers may object to a new subprocessor on reasonable data protection grounds
- If an objection cannot be resolved, the customer may terminate the affected Services in accordance with the Agreement
6. International Data Transfers
Some subprocessors may process data outside the customer's jurisdiction. Where required, Hexel implements appropriate safeguards consistent with applicable data protection laws.
7. Audits and Assurance
Hexel maintains contractual rights to assess subprocessor compliance and requires subprocessors to provide reasonable assurances regarding security and data protection practices.
8. Questions and Contact
Questions regarding this Subprocessor Disclosure may be directed to: