LIST OF SUBPROCESSORS
SMARTCONTENTGUARD
Last updated: December 22, 2025
Version: 1.2
1. INTRODUCTION
This page lists all subprocessors (third‑party service providers) that may process personal data on behalf of Smart Content Guard LLC during the operation of SmartContentGuard.
In compliance with LGPD (Law 13.709/2018) and CCPA/CPRA, this list is kept current and transparent for our users.
2. CURRENT SOFTWARE ARCHITECTURE
2.1. Local Processing
SmartContentGuard is a browser extension that runs 100% locally on the user’s device. Currently:
- ✅ All data processing takes place locally in the browser.
- ✅ Preferences and settings are stored using native browser APIs (localStorage, IndexedDB).
- ✅ No operational data is sent to external servers
- ✅ We do not collect usage data, telemetry, or analytics at this time.
2.2. Distribution
The extension is distributed through:
- Chrome Web Store (Google)
- Firefox Add-ons (Mozilla)
- Microsoft Edge Add-ons (Microsoft)
These platforms do not act as subprocessors, as they only host the extension installation file and do not process end‑user personal data on our behalf.
3. CURRENT SUBPROCESSORS
3.1. Website Hosting and Infrastructure
| Subprocessor | Service | Location | Data Processed |
|---|---|---|---|
| Hostinger International Ltd. | WordPress hosting (server infrastructure) | Europe / United States | Visitor IP address, HTTP access logs, web request metadata |
| WordPress.com (Automattic Inc.) | Content management system (CMS) platform | United States / Europe | Website editorial content, media (images), page metadata |
Important: The website notamspot.com is used only for documentation and product information. The SmartContentGuard extension itself does not communicate with this site and does not send operational data to it.
Certifications and Compliance:
- Hostinger: ISO 27001, SOC 2, GDPR/LGPD-compliant – DPA available
- Automattic (WordPress.com): GDPR/CCPA‑compliant, certified datacenters in US/EU
3.2. User Support and Communication
| Subprocessor | Service | Location | Data Processed |
|---|---|---|---|
| Google Workspace (Google LLC) | Corporate email (support@, privacy@, security@) | United States / Multi‑regional | Emails sent by users, support request content, attachments |
| Google Forms (Google LLC) | Issue reporting form | United States / Multi‑regional | Information voluntarily provided by the user when reporting bugs (problem description, browser version, optional screenshots) |
Certifications and Compliance:
- Google Workspace: ISO 27001, SOC 2/3, GDPR/CCPA/LGPD-compliant – DPA available
3.3. Website Analytics (notamspot.com only)
| Subprocessor | Service | Location | Data Processed |
|---|---|---|---|
| Google LLC | Google Analytics (institutional website only) | United States / Multi‑regional | IP address (anonymized), pages visited, session duration, traffic source, browser/device, interaction events |
⚠️ Important – Limited Scope
Google Analytics is used exclusively on the institutional website (notamspot.com) for traffic and usage metrics. The SmartContentGuard extension does not use Google Analytics and does not send usage data, telemetry, or any operational information to external servers.
Privacy Measures Implemented:
- ✅ IP anonymization: IP addresses are anonymized before processing.
- ✅ Consent: Cookie banner implemented in accordance with LGPD/GDPR.
- ✅ Aggregated data: Only aggregated statistics without individual identification are used.
- ✅ Limited retention: Data is retained for the minimum period necessary.
- ✅ No sharing with Google Ads: Data is not shared with advertising products.
Certifications and Compliance:
- Google Analytics: ISO 27001, SOC 2/3, GDPR/CCPA/LGPD-compliant – DPA available
SERVICES CURRENTLY NOT USED BY THE EXTENSION
For full transparency, the SmartContentGuard extension does not currently use the following services commonly found in web applications:
- ❌ Analytics/Telemetry extension: The extension does not collect usage data or telemetry.
- ❌ Error Tracking: We do not use Sentry, Rollbar, Bugsnag or similar apps.
- ❌ CDN: We do not use Cloudflare, AWS CloudFront, or similar services (the extension is distributed via official app stores).
- ❌ Payments: We do not process payments (the current version is free).
- ❌ CRM/Marketing: We don't use MailChimp, HubSpot, or any marketing tools.
- ❌ Cloud Storage: We do not store user data in AWS S3, Google Cloud Storage, or similar services.
💡 Note: The institutional website (notamspot.com) uses Google Analytics for visitation metrics (see section 3.3). The extension remains 100% local and does not collect operational data.
5. FUTURE (PLANNED) SUBPROCESSORS
If we come to implement new resources that require subprocessors, this list will be updated before the service is activated. Possible future additions include:
5.1. In‑Extension Analytics (Optional – disabled by default)
If optional, anonymous telemetry is implemented in the extension, we may consider:
- Plausible Analytics (GDPR-compliant, EU-based)
- Fathom Analytics (privacy-first, EU/US)
- Self-hosted Matomo (open-source, total control)
Commitment: Any analytics in the extension will be opt-in (disabled by default) and will only use anonymous aggregate data.
5.2. Error Tracking (Optional)
To improve bug detection, we may add:
- Sentry (with sensitive‑data scrubbing, EU/US datacenters).
5.3. Payments (Future)
When paid plans are introduced, payment processing will use PCI‑DSS‑compliant processors:
- Stripe (United States/Europe)
- Or PayPal (United States)
Note: We will never store credit card data – this will be handled directly by certified processors.
6. CONTRACTUAL SAFEGUARDS
All listed subprocessors are selected based on:
- ✅ LGPD/GDPR/CCPA Compliance: They have adequate privacy policies.
- ✅ Standard Contract Clauses: For international transfers (where applicable)
- ✅ Standard contractual clauses approved by the European Commission: For international transfers
- ✅ Data Minimization: They process only strictly necessary data.
7. CHANGE NOTIFICATIONS
When new subprocessors are added, we guarantee:
- 📧 Prior notification: Users will be informed at least 30 (thirty) days in advance.
- 📄 Update to this page: With a description of the service, its purpose, and its location.
- ✅ Right to object: Users can disable features that depend on the new subprocessor or stop using the software.
Notification channels:
- In‑app notification in the extension.
- Notice on website notamspot.com
- Email (for users who have voluntarily provided contact information).
8. USER RIGHTS
You have the right to:
- ✓ Request information about which data has been shared with subprocessors.
- ✓ Request deletion of data processed by subprocessors.
- ✓ Obtain a copy of data processing agreements (upon justified request).
- ✓ Exercise rights provided in Privacy Policy
To exercise these rights: privacy@notamspot.com
9. RELATED DOCUMENTS
- Privacy Policy.
- Terms of Use and License (EULA)
- Extension Permission Justification
- ICAO Annex 15 Compliance
- Security Architecture
- Data Transparency
10. Contact
For questions about this list or about subprocessors:
Email (Privacy and Data): privacy@notamspot.com
Website: https://notamspot.com/
Legal Address:
Smart Content Guard LLC
Cheyenne, WY 82001, USA
Version: 1.2
Last updated: December 22, 2025
Next review: When new subprocessors are added.