ConsultingWorkbench-backed AI security engagements — map, attack, defend, and prove your AI systems.
Scope a Review
aisecurityllc
Log inTake DiagnosticScope a Review
aisecurityllc
Scope a Review

aisecurity.llc

Subprocessors

Third-party providers that process data on our behalf · Last updated May 19, 2026

AI provider disclosure: We use AI model APIs (Anthropic Claude, OpenAI). Neither provider trains models on our API inputs under our business agreements. See individual entries below for specifics.

aisecurity.llc engages the following third-party service providers ("subprocessors") to support site and service operations. All subprocessors are bound by data processing obligations appropriate to their role. We evaluate new subprocessors for security posture, privacy practices, and data handling standards before engagement.

Material additions to this list will be announced via our legal changelog. Enterprise clients with contractual notification requirements should contact legal@aisecurity.llc.

Infrastructure & Hosting

Vercel Inc.

United States

Purpose: Web application hosting, serverless compute, and global edge delivery

Data processed: HTTP request logs, session data, application payloads

Website: vercel.com

Cloudflare, Inc.

United States (global edge network)

Purpose: CDN, DDoS protection, DNS, and edge security

Data processed: IP addresses, HTTP metadata, security event data

Website: cloudflare.com

Database & Storage

Supabase, Inc.

United States (AWS us-east-1 by default)

Purpose: Database hosting (PostgreSQL), authentication, and file storage

Data processed: Account data, site content, user-generated data

Website: supabase.com

AI Model Providers

Anthropic, PBC

United States

AI Model Provider

Purpose: Large language model API (Claude) for research assistance, content drafting, and site features

Data processed: Prompts and context submitted to Claude API; does not include unnecessary personal data

Website: anthropic.com

We use Anthropic's API under terms that prohibit training on our API inputs. Customer content is not used to train Anthropic's models.

OpenAI, LLC

United States

AI Model Provider

Purpose: Supplemental LLM API usage for specific research and tooling features

Data processed: Prompts and context submitted to OpenAI API; we apply data minimization practices

Website: openai.com

We use the OpenAI API under business terms. By default, OpenAI does not use API inputs to train models.

Analytics

Vercel Analytics

United States

Purpose: Aggregate web analytics and Core Web Vitals monitoring

Data processed: Page views, device type, aggregate performance metrics — no personally identifiable data

Website: vercel.com/analytics

Email & Communications

Resend, Inc.

United States

Purpose: Transactional email delivery (account notifications, research releases)

Data processed: Email addresses, email content for transactional messages

Website: resend.com

Version Control & CI/CD

GitHub, Inc. (Microsoft)

United States

Purpose: Source code hosting, CI/CD pipelines

Data processed: Source code, deployment metadata; no personal end-user data stored

Website: github.com

Subprocessor Changes

We will update this page when we add or remove subprocessors. Enterprise clients under a Data Processing Addendum will receive advance notice of material changes as required by their agreement. See our Data Processing Addendum for enterprise notification terms.

Subprocessors · aisecurity.llc · Last updated May 19, 2026

← Back to Legal