Legal
Sub-processors
The current list of third-party sub-processors AgenticAssure engages to deliver the Service. We notify customers at least 30 days before adding new sub-processors.
Effective date: March 27, 2026
Last updated: 2026-05-13
AgenticAssure engages a small number of carefully vetted third parties (each a "sub-processor") to help us deliver the Service. We remain responsible to you for any processing they perform, and each sub-processor is contractually bound by data-protection obligations no less protective than our DPA - including our No Model Training commitment in MSA §4.4.
This page mirrors Annex III of our Data Processing Addendum. If you have an Order Form or DPA in place, the sub-processor list at the time of signing is incorporated by reference; subsequent additions are governed by the change-notice section below.
Infrastructure & platform
| Sub-processor | Contracting entity | Service | Processing location | Purpose |
|---|---|---|---|---|
| Amazon Web Services, Inc. | United States / EEA | Cloud infrastructure (compute, storage, networking) | ap-southeast-1 (Singapore) by default; alternative AWS regions on request | Application hosting, storage, backups |
| Netlify, Inc. | United States | CDN / static-site hosting | Global edge | Marketing-site delivery (agenticassure.ai) |
Operational sub-processors
| Sub-processor | Contracting entity | Service | Processing location | Purpose |
|---|---|---|---|---|
| Resend, Inc. | United States | Transactional email | EU + US | Sending account, billing, contact-form, and notification emails |
| Stripe, Inc. | United States | Payment processing | United States | Subscription billing, invoicing, customer portal |
| Stripe Payments Singapore Pte. Ltd. | Singapore | Payment processing | Singapore + US | Local Stripe entity for SGD/USD invoicing where applicable |
AI / LLM inference providers
The providers below are engaged only when a Customer's selected test plan targets a model they host. Customers may restrict or disable the inference providers used to test their models via the Order Form or in-product controls.
For each provider, AgenticAssure uses the vendor's commercial / enterprise API endpoint that, under that vendor's then-current terms for that endpoint, does not use customer-submitted prompts or outputs to train the vendor's models. If a vendor materially changes its terms, we will notify affected customers and take reasonable steps to migrate or disable the affected integration. See DPA Annex III for the full description.
| Sub-processor | Contracting entity | Service | Processing location | Purpose |
|---|---|---|---|---|
| OpenAI, L.L.C. | United States | LLM inference | United States | Executes test prompts only when the Customer's test plan targets an OpenAI-hosted model |
| Anthropic, PBC | United States | LLM inference | United States | Executes test prompts only when the Customer's test plan targets an Anthropic-hosted model |
| Amazon Bedrock (AWS) | United States / EEA / Singapore | LLM inference | Customer-selected AWS region | Executes test prompts only when the Customer's test plan targets a Bedrock-hosted model |
Notice of changes
We will provide at least 30 days' prior notice before engaging a new sub-processor that processes Customer Personal Data. To receive notifications, email contact@agenticassure.ai and we'll add you to the change-notice list. Customers with an active DPA can object on reasonable data-protection grounds, as described in DPA §3.3.
Contact
Questions about a specific sub-processor or our data-protection program: email contact@agenticassure.ai.
Questions? Contact us or email contact@agenticassure.ai.