SecureAIFlow engages the following subprocessors to provide its AI security and governance platform. All subprocessors are bound by data protection obligations consistent with our Data Processing Agreement.
We will notify customers of any changes to this list in advance. For questions, contact [email protected].
AI Inference Providers
Google LLC — Gemini API
PurposeAI inference and response generation
Data ProcessedUser prompts (sanitized and pseudonymized)
LocationUnited States / Global infrastructure
SafeguardsStandard Contractual Clauses (SCCs)
OpenAI — API
PurposeAI inference and response generation
Data ProcessedUser prompts (sanitized and pseudonymized)
LocationUnited States / Global infrastructure
SafeguardsStandard Contractual Clauses (SCCs)
Anthropic — Claude API
PurposeAI inference and response generation
Data ProcessedUser prompts (sanitized and pseudonymized)
LocationUnited States / Global infrastructure
SafeguardsStandard Contractual Clauses (SCCs)
Infrastructure
Google Cloud
PurposeCloud infrastructure hosting (SaaS backend)
Data ProcessedEncrypted application data, usage metadata
LocationCustomer can select region
SafeguardsSelected region based processing; GDPR-compliant DPA
Cloudflare, Inc.
PurposeCDN, DNS, DDoS protection, website hosting
Data ProcessedHTTP metadata, static assets
LocationGlobal edge network
SafeguardsStandard Contractual Clauses (SCCs)
Business Operations
Microsoft Corporation — Microsoft 365
PurposeBusiness email, communication
Data ProcessedEmail correspondence, account administration
LocationEU data centers
SafeguardsEU Data Boundary; GDPR DPA
Our Data Protection Approach
Prompt Sanitization
PII, secrets, and credentials are detected and redacted before data reaches any third-party provider.
Cryptographic Pseudonymization
HMAC-SHA256 irreversibly replaces sensitive values, preserving code structure without exposing originals.
Data Minimization
Prompts are processed in transit only. No unnecessary data retention — original values are never stored.