Last updated: April 24, 2026
A subprocessor is a third-party company that Rico uses to deliver its service and that may process your personal data on our behalf. This page lists all current subprocessors, what they do for Rico, and whether they receive consumer health data (dietary restrictions, food allergies, and nutritional preferences) as defined by the Washington My Health My Data Act. For full context, see our Privacy Policy and Consumer Health Data Privacy Policy.
| Provider | Purpose | Data categories shared | Consumer health data | Location | Privacy policy |
|---|---|---|---|---|---|
| OpenAI | AI-powered features | Dietary restrictions, food allergies, nutritional preferences, and other profile data needed to provide AI features | Yes — AI service provider | United States | openai.com |
| Anthropic | AI-powered features | Dietary restrictions, food allergies, nutritional preferences, and other profile data needed to provide AI features | Yes — AI service provider | United States | anthropic.com |
| Google Cloud / Firebase | Authentication (Firebase Auth), cloud database (Firestore), server-side AI proxy (Cloud Functions), push notifications (Firebase Cloud Messaging), remote configuration, cloud storage for AI quality logs | Account information, dietary preferences, food allergies, recipes, cooking sessions, grocery lists, meal plan, push tokens, pseudonymized AI quality logs | Yes — stores user profile (including health data categories) in Firestore; health data is stripped from AI quality logs before storage per our A2 sanitization pipeline | United States | firebase.google.com |
| PostHog | Product analytics (feature usage, screen views, funnels) and session replay recordings (screen-level recordings used to reproduce issues and improve the app) | Usage events (counts and timestamps; no raw health data), session recordings (sensitive screens excluded) | Filtered — session replay is paused when screens displaying dietary preferences, allergy selections, or AI cooking responses are active. Analytics events contain usage counts and screen identifiers only, not raw dietary or allergy data. | United States | posthog.com |
| Resend | Transactional email delivery (account verification emails, password reset emails) | Email address only | No | United States | resend.com |
| Sentry | Crash reporting and error tracking | Crash stack traces, device metadata, app version; no user content or health data | No | United States | sentry.io |
| RevenueCat | Subscription management (purchase, renewal, cancellation event tracking) | Subscription status, purchase events, device platform | No | United States | revenuecat.com |
| Apple | App Store distribution, Apple Sign In authentication, in-app purchase processing | Apple ID (for Sign In only), App Store purchase receipts | No | United States | apple.com/privacy |
If we add, remove, or materially change a subprocessor that handles consumer health data, we will:
Changes to subprocessors that do not handle consumer health data (for example, switching crash monitoring tools) may be made without advance notice but will be reflected on this page.
If we add a new AI provider that will receive your consumer health data, we will also bump the CURRENT_HEALTH_CONSENT_VERSION in the app, which triggers a re-consent screen the next time you open Rico.