Subprocessor List
Ezel AI, Inc. uses the following third-party service providers ("subprocessors") to help deliver our services. These subprocessors may process customer data on our behalf.
AI Processing
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Anthropic | Claude API | Documents, chat queries, usage data | United States | AI-powered document analysis and generation |
| OpenAI | GPT API | Documents, chat queries, usage data | United States | AI-powered document analysis and generation |
Authentication & Email
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Supabase | Authentication & email delivery | Email address, authentication tokens | United States | User authentication via magic links and transactional emails |
Payment Processing
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, payment information, billing history | United States | Payment processing, billing, and invoice emails |
Analytics
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Google Analytics | Usage analytics | Anonymous usage patterns, page views | United States | Basic website analytics to improve our service |
Data Protection Commitments
All subprocessors have committed to:
- Process data only according to our instructions
- Implement appropriate security measures
- Not use customer data for their own purposes
- Not use customer data to train AI models (Anthropic and OpenAI have explicit policies against this)
- Comply with applicable data protection laws (GDPR, CCPA, etc.)
Bring Your Own Storage (BYOS)
When customers use our BYOS feature:
- Documents are stored in the customer's own infrastructure
- Ezel does not have access to document content
- Only orchestration metadata is processed through our systems
- The customer's own storage provider becomes their direct subprocessor
Changes to This List
We may update this Subprocessor List as we add or remove services. Changes will be communicated via:
- Update to the "Last Updated" date on this page
- Email notification for material changes that affect data processing
Enterprise customers with specific subprocessor requirements should contact us at [email protected].
Subprocessor Security
All subprocessors meet industry-standard security requirements:
- Anthropic and OpenAI: SOC 2 Type II certified
- Stripe: PCI DSS Level 1 certified
- Supabase: SOC 2 Type II certified
- Google Analytics: Part of Google Cloud (ISO 27001, SOC 2)
Data Processing Locations
All subprocessors process data primarily in the United States:
- AI Processing: United States (Anthropic and OpenAI servers)
- Payments: United States (Stripe)
- Authentication: United States (Supabase)
- Analytics: United States (Google)
Enterprise options: BYOS customers control their own data location. Contact [email protected] for custom data residency requirements.
Contact
For questions about our subprocessors or data processing practices:
- Email: [email protected]
- Enterprise Inquiries: [email protected]