Subprocessors
The third parties that process data on behalf of AIOProductOS (GDPR Article 28). We keep this list current and publish any addition at least 30 days before the new subprocessor begins processing customer data.
| Subprocessor | Purpose | Location | Certifications |
|---|---|---|---|
| Anthropic | AI features (Claude) | USA | SOC2 |
| Cloudflare | DNS | USA (global) | SOC2ISO27001 |
| Deepgram | Meeting transcription (speech-to-text) | USA | SOC2 |
| GitHub | Source control & CI | USA | SOC2 |
| Google Workspace | Internal email & documents | USA / EU | SOC2ISO27001 |
| LiveKit | Real-time video/audio | USA | — |
| Paddle | Merchant-of-Record billing | United Kingdom | PCI DSS L1SOC2 |
| Resend | Transactional email | USA | — |
| Sentry | Error monitoring | USA | SOC2ISO27001 |
| Supabase | Database, Auth & Storage hosting | Germany / USA | SOC2ISO27001 |
| Upstash | Redis rate limiting | USA (global) | — |
| Vercel | Application hosting & CDN | USA (global edge) | SOC2 |
Data residency: customer data is pinned to its chosen region (EU or US). See the compliance posture and security pages. Questions: privacy@aioproductos.com.