Subprocessor List
Ezel AI, Inc. uses the following third-party service providers ("subprocessors") to help deliver our services. These subprocessors may process customer data on our behalf.
AI Processing
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Anthropic | Claude API | Documents, chat queries, usage data | United States | AI-powered document analysis and generation |
| OpenAI | GPT API | Documents, chat queries, usage data | United States | AI-powered document analysis and generation |
Authentication & Email
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Supabase | Authentication & email delivery | Email address, authentication tokens | United States | User authentication via magic links and transactional emails |
| EmailOctopus | Email list management | Email address, template metadata (requested template name, category, jurisdiction), submission timestamp | United Kingdom / European Union (AWS eu-west-1) | Store emails voluntarily submitted through template-request and feedback forms |
| Postmark (ActiveCampaign, Inc.) | Transactional and broadcast email delivery | Email address, first name, message content, delivery metadata (opens, bounces, unsubscribes) | United States | Deliver product announcements, feature updates, and other broadcast emails to subscribers and opted-in leads; process bounces and unsubscribe requests |
Payment Processing
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, payment information, billing history | United States | Payment processing, billing, and invoice emails |
Infrastructure & Security
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Cloudflare, Inc. | CDN, DDoS protection, bot management, tag management (Zaraz), and anti-spam (Turnstile) | IP address, request metadata, User-Agent, form submissions on protected pages | Global edge network (primarily United States) | Serve and accelerate the website, block abusive traffic, proxy first-party analytics, and protect forms from spam |
Analytics
| Subprocessor | Service | Data Processed | Location | Purpose |
|---|---|---|---|---|
| Google Analytics | Usage analytics | Anonymous usage patterns, page views | United States | Basic website analytics to improve our service |
Data Protection Commitments
All subprocessors have committed to:
- Process data only according to our instructions
- Implement appropriate security measures
- Not use customer data for their own purposes
- Not use customer data to train AI models (Anthropic and OpenAI have explicit policies against this)
- Comply with applicable data protection laws (GDPR, CCPA, etc.)
Bring Your Own Storage (BYOS)
When customers use our BYOS feature:
- Documents are stored in the customer's own infrastructure
- Ezel does not have access to document content
- Only orchestration metadata is processed through our systems
- The customer's own storage provider becomes their direct subprocessor
Changes to This List
We may update this Subprocessor List as we add or remove services. Changes will be communicated via:
- Update to the "Last Updated" date on this page
- Email notification for material changes that affect data processing
Enterprise customers with specific subprocessor requirements should contact us at [email protected].
Subprocessor Security
All subprocessors meet industry-standard security requirements:
- Anthropic and OpenAI: SOC 2 Type II certified
- Stripe: PCI DSS Level 1 certified
- Supabase: SOC 2 Type II certified
- Cloudflare: SOC 2 Type II, ISO 27001, and PCI DSS certified
- Google Analytics: Part of Google Cloud (ISO 27001, SOC 2)
- EmailOctopus: GDPR-compliant, hosted on AWS (SOC 2, ISO 27001)
- Postmark (ActiveCampaign): SOC 2 Type II certified
Data Processing Locations
Subprocessors process data primarily in the United States, with one exception noted below:
- AI Processing: United States (Anthropic and OpenAI servers)
- Payments: United States (Stripe)
- Authentication: United States (Supabase)
- Infrastructure & Security: Global edge network, primarily United States (Cloudflare)
- Analytics: United States (Google)
- Email list management: United Kingdom / European Union (EmailOctopus, hosted on AWS eu-west-1)
- Email delivery: United States (Postmark / ActiveCampaign)
Enterprise options: BYOS customers control their own data location. Contact [email protected] for custom data residency requirements.
Contact
For questions about our subprocessors or data processing practices:
- Email: [email protected]
- Enterprise Inquiries: [email protected]