Data Sub-processors
Third-party service providers who process data on our behalf, listed for transparency and GDPR compliance (Art. 28).
| Provider | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| Groq
Since February 17, 2026 | LLM inference — generates AI-powered outputs from your queries and document context Queries, document context, AI outputs (transient; not retained after processing) | United States | EU Standard Contractual Clauses (SCCs) |
| DeepInfra
Since February 17, 2026 | Embedding generation — converts document text into vector representations for search and retrieval Document text chunks (transient; not retained after processing) | United States | EU Standard Contractual Clauses (SCCs) |
| Amazon Web Services (AWS)
Since February 17, 2026 | Cloud infrastructure — database hosting, compute, storage, content delivery All data stored by the Services | United States (us-east-1, primary); EU (eu-west-1, planned) | Data Processing Addendum with SCCs |
| Anthropic
Since February 17, 2026 | LLM inference (AI-as-a-Judge evaluation) User queries and document context (transient) | United States | EU Standard Contractual Clauses (SCCs) |
| TogetherAI
Since March 19, 2026 | LLM inference — generates AI-powered outputs from your queries and document context Queries, document context, AI outputs (transient; not retained after processing) | United States | EU Standard Contractual Clauses (SCCs) |
What are sub-processors?
Sub-processors are third-party service providers we engage to process personal data on our behalf. They are contractually bound to process data only as instructed by us, implement appropriate security measures, and maintain confidentiality. All data sent to LLM and embedding providers is transient—it is used only to generate responses and is not retained by the provider after processing.
Your private library stays private
When your documents are processed, only the relevant passages needed to answer your query are sent to LLM providers—not your entire library. These providers process the data transiently (it is not stored or used for training) and operate under Data Processing Agreements. Your documents, embeddings, and indexes remain within your isolated private library on our infrastructure.
Data Protection Agreements
We have entered into Data Processing Agreements (DPAs) with all sub-processors that meet the requirements of applicable data protection laws, including the GDPR. These agreements ensure sub-processors provide sufficient guarantees for appropriate technical and organizational measures.
Changes to sub-processors
We notify users at least 30 days before adding a new sub-processor. Users may object and terminate their subscription without penalty if we cannot accommodate the objection. For objections, contact privacy@transparentlab.ai .