Legal
Sub-processors
Last updated: June 8, 2026
Hey Cass AI (operated by ThinkBOLD Solutions, LLC) uses a small set of third-party service providers — “sub-processors” — to deliver the Service. Each one processes some data on our behalf under their own contractual and privacy commitments. This page lists every named sub-processor currently in use.
We update this list before adding any new sub-processor that materially changes how we process customer data. Customers under a Data Processing Agreement (DPA) receive notice of changes in advance.
Current sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Site hosting, DNS, CDN, edge security, email routing (inbound). | United States |
| Resend (Resend, Inc.) | Outbound email delivery — transactional and waitlist email from cass@heycass.ai, and PIO press/news alerts to media contacts from alerts@newsalert.tv. Receives recipient email addresses, names, and message content. | United States |
| Anthropic, PBC | AI model inference powering the Cass chatbot, drafting assistance, and incident press-conference fact extraction (when active). | United States |
| Deepgram, Inc. | Speech-to-text transcription of press-conference audio a PIO records in the incident command center. Receives the uploaded audio and returns a transcript; the source audio is purged when the incident is archived. | United States |
| HighLevel (leadconnectorhq.com) | Customer relationship management, chat widget hosting on the Contact page, and opt-in audit trail. Receives name, email, phone (when provided), chat conversation content, and consent records. | United States |
| Google LLC (Google Fonts) | Self-hosted web font delivery (Inter). Served via our hosting provider; no direct visitor-to-Google connection at runtime. | United States |
| Google LLC (Google Tag Manager + Google Analytics 4) | Website analytics and tag management. Captures pageviews, traffic sources, and conversion events (such as waitlist signups). Loaded only after the visitor grants Analytics consent via our cookie banner. Receives anonymized usage data, IP address (truncated by Google), device type, and page URLs. | United States |
| X Corp (X / Twitter) | Outbound social media posting to the @heycasspio account on X. Receives post content, quote-card images, and OAuth credentials. Receives engagement data (likes, replies, reposts) tied to the @heycasspio account. SMS opt-in data is never shared with X. | United States |
Notes
- Hey Cass AI is operated by ThinkBOLD Solutions, LLC. Customer relationship management, contact storage, conversation history, and marketing automation run on the HighLevel platform listed above. The HighLevel chat widget is loaded on the Contact page only; it is not present on any other page.
- We do not transfer customer data to any external sub-processor outside this list without first updating this page.
- All sub-processors are bound by written terms requiring them to protect customer data and limit its use to the purposes above.
- When the Cass chatbot is active, conversation inputs are transmitted to our AI model provider listed above for inference. We do not allow customer inputs to be used to train the underlying models.
Questions or DPA requests
For a Data Processing Agreement, GDPR Article 28 documentation, or questions about a specific sub-processor: cass@heycass.ai
Questions? cass@heycass.ai