Current list of third parties processing customer personal data on behalf of Brainiall.
| Category | Sub-processor | Purpose | Location |
|---|---|---|---|
| Infrastructure | Leading cloud infrastructure providers | Application hosting, managed compute, managed databases, object storage, CDN edge caching | United States, European Union |
| AI Inference | AI infrastructure partners * | Model inference for chat, image generation, video generation, speech synthesis, embeddings, and content moderation | United States, European Union * |
| Payments | Stripe, Inc. | Payment processing, subscription management, customer portal, tax calculations, invoicing | United States, European Union (routed per customer region) |
| Authentication | Google LLC | OAuth 2.0 sign-in (no offline storage of Google-side personal data beyond short-lived tokens) | United States |
| Transactional email provider | Delivery of account, billing, and support email | United States, European Union | |
| Observability | Logs & error-tracking platform | Service health monitoring, error aggregation, incident triage; no customer prompts or generated outputs are forwarded | United States, European Union |
| Domain / TLS | Domain registrar and TLS CA | Domain resolution and certificate issuance; no personal data processed | Global |
| Analytics (opt-in) | Privacy-friendly analytics (e.g., self-hosted or GDPR-compliant provider) | Aggregate page-view and performance metrics; no cross-site tracking. Only active if user gave explicit consent. | European Union |
* Enterprise customers under signed NDA may request provider-level disclosures, specific regional routing, and contract excerpts via compliance@brainiall.com. Brainiall maintains contractual guarantees with all AI model partners that (a) customer prompts are not used to train third-party models, (b) prompts are retained only for the duration of inference plus abuse-prevention windows (not exceeding 30 days), and (c) data-residency preferences can be honored on qualifying plans.
Brainiall will notify Customer in writing of intended additions or replacements of sub-processors with at least 30 days' notice through one or more of:
Customer may object in writing within the 30-day window via compliance@brainiall.com. If a reasonable technical alternative exists, Brainiall will accommodate the objection. If no such alternative is feasible, Customer may terminate the affected Services for cause and receive a pro-rated refund of prepaid fees.
To receive email notifications about sub-processor changes before they take effect, email compliance@brainiall.com with the subject Subprocessor notifications and the domain(s) you want monitored.