Sub-processors — DocReadi

DocReadi uses the third-party sub-processors listed below to deliver the service. Sub-processors are bound by written agreements requiring confidentiality, security, and data-protection commitments equivalent to those we commit to our tenants.

We notify tenant account holders by email at least 30 days before activating a new sub-processor. Tenants may object; the parties will discuss a carve-out or termination right where objection is raised.

Current list

Sub-processor	Role	Data	Region	Safeguards
Anthropic	LLM extraction (primary provider)	Document markdown + optional page images	United States	✓ EU-US DPF certified ✓ No training on inputs Published API DPA. Use for tenant default extraction.
OpenAI	LLM extraction (tenant opt-in)	Document markdown + optional page images	United States	✓ EU-US DPF certified ✓ No training on inputs Published API DPA. 30-day abuse-monitoring retention.
Google (Gemini)	LLM extraction (tenant opt-in)	Document markdown + optional page images	United States / EU	✓ EU-US DPF certified ✓ No training on inputs Paid API tier only. Cloud DPA covers transfers.
Mistral	OCR + LLM extraction (tenant opt-in)	PDF bytes or markdown	European Union (France)	✗ EU-US DPF certified ✓ No training on inputs GDPR-native. Recommended default for EU-origin tenants.
xAI (Grok)	LLM extraction (tenant opt-in)	Document markdown	United States	✗ EU-US DPF certified ✓ No training on inputs Verify DPA before routing EU-origin data; SCCs advisable.
OpenRouter	LLM aggregator (tenant opt-in)	Document markdown	United States (aggregator); downstream provider varies	✗ EU-US DPF certified ✓ No training on inputs Posture inherits from the selected downstream provider. Treat as pass-through; verify each underlying provider.
Railway	Application + database hosting	All application data at rest and in transit	EU West 4 (the Netherlands) for this deployment	US-headquartered company; data processed in EU. Provider DPA available; sign before live traffic.
Amazon Web Services (S3)	Encrypted pg_dump backup storage	Age-encrypted database dumps	EU (Ireland)	✓ EU-US DPF certified Backups are client-side encrypted before upload; AWS receives ciphertext only. Lifecycle: 30d hot, 90d Glacier Deep Archive, 365d delete.
Meta (WhatsApp Business API)	Inbound document ingestion from WhatsApp (optional per tenant)	Media attachments forwarded from WhatsApp numbers	United States / global	✓ EU-US DPF certified Only active when a tenant enables WhatsApp routing. Tokens stored Fernet-encrypted at rest.
OpenStreetMap Nominatim	Address geocoding (optional per tenant)	Vendor address strings	European Union	Public endpoint; no account or API key required.
Sentry	Error tracking (activated post-launch)	Stack traces + request metadata + company_id/user_id tags	Configurable (US or EU)	✓ EU-US DPF certified send_default_pii=False — no document bodies or cookie values leave the container. Currently unset pre-launch.

Sub-processors marked as providing a specific LLM provider are activated per-tenant: a tenant may choose a default extraction provider and may opt-in / opt-out of alternatives via the tenant settings page. The default provider is Anthropic.

Change history

We maintain an audit trail of sub-processor changes. Current state reflects the list above.

2026-04-24: Initial published list.

Contact

Sub-processor questions: legal@docreadi.com.