Trust
Subprocessors
Service providers that may process Customer data on our behalf. We notify changes at least 30 days in advance.
List last reviewed: 2026-05-20
| Vendor | Purpose | Data type | Region | Controls |
|---|---|---|---|---|
| MiniMax | Primary LLM inference (Mythos AI) | Chat content and extracted text | EU / Asia | DPA + zero-retention |
| Z-AI / GLM | Fallback LLM inference (degraded mode only) | Chat content and extracted text | Asia | DPA + fallback only |
| Stripe Payments Europe Ltd. | Payment processing & invoicing | Billing identifiers, last 4 digits of card | EU / US (SCC) | SCC + DPA |
| Amazon Web Services EMEA Sarl | Encrypted dossier and asset storage | Forensic dossiers and uploaded assets | eu-central-1 (Frankfurt) | DPA + SSE-KMS |
| Amazon Web Services EMEA Sarl | Transactional email delivery | Recipient email, message metadata | EU | DPA |
| Functional Software Inc. (Sentry) | Application error tracking | Error stack traces, request paths (PII-scrubbed) | EU (de.sentry.io) | DPA + PII scrubbing |
| OpenTelemetry collector | Trace and metric ingestion | Request traces and timing metadata | TBD (self-hosted target) | Pending production wire-up |
Why this list?
Listing sub-processors is required by Art. 28(2) GDPR and is the single most-requested artefact in enterprise procurement. We refresh it every quarter and on every material change.
Informational document published by LegalAudit SA. Statements reflect the current state of controls and are reviewed quarterly. They are not a contractual warranty unless incorporated into a signed agreement. For binding terms request the executed DPA at privacy@legalaudit.ch.