次级处理者与跨境数据传输
最后更新: 2026-05-17
FlowZap 仅依赖有限的次级处理者来提供服务。本页面列出每个次级处理者、用途、托管区域、处理的数据类别,以及适用于 GDPR 第 46 条和 PIPL 第 38–39 条的传输机制。任何重大变更将在生效前在此页面公告。
| 次级处理者 | 用途 | 区域 | 处理的数据 | 传输机制 |
|---|---|---|---|---|
| Deepseek (Hangzhou DeepSeek Artificial Intelligence Co., Ltd.) | LLM analysis for the SOC2 / GDPR / PIPL Compliance Checker. Receives only the FlowZap Code DSL submitted by the user — no account identifiers, no IP, no email. | People's Republic of China | FlowZap Code DSL text (user-pasted diagram). No personal data is intentionally transmitted; users are warned not to paste personal data. | PIPL Art. 38(1)(3) Standard Contract for cross-border transfer + GDPR Art. 49(1)(a) explicit consent (the user voluntarily submits the diagram knowing it is sent to Deepseek). No diagram content is retained by FlowZap. |
| Perplexity AI, Inc. | LLM generation for the AI-assisted FlowZap Code generator (authenticated users only). | United States | User prompt text submitted to the AI generator. No diagrams, no account credentials. | GDPR Art. 46 Standard Contractual Clauses (SCC, 2021 module 2 controller-to-processor). UK IDTA addendum applicable for UK users. |
| Hetzner Online GmbH | Application and database hosting (primary infrastructure). | European Union (Germany / Finland) | All application data: user accounts, diagrams, telemetry, logs. | No third-country transfer (data remains in EU/EEA). |
| Scaleway SAS | Transactional email delivery (login codes, notifications). | European Union (France) | Recipient email address, message content (login code or notification). | No third-country transfer (data remains in EU/EEA). |
如有关于次级处理者或行使权利的问题,请通过 反馈表单 联系我们。