Legal · Transparency
Subprocessors
To deliver the Codaiq platform, we rely on a small set of carefully selected subprocessors. This page lists every third-party service that may process customer Personal Data on our behalf. It is referenced by, and forms Annex 1 to, our DPA.
Get notified of changes
To get notified of subprocessor changes, email info@codaiq.com with the subject "Subprocessor notifications". We will notify you 30 days before any addition or change so you can exercise your right of objection under section 7 of the DPA.
| Subprocessor | Purpose | Country | DPA |
|---|---|---|---|
| Anthropic, PBC | LLM (Claude) | USA | DPA |
| Inngest, Inc. | Background Jobs | USA | DPA |
| MongoDB Atlas (MongoDB, Inc.) | Database Hosting | USA / Ireland | DPA |
| OpenAI Ireland Ltd | LLM (GPT) | Ireland / USA | DPA |
| OpenRouter, Inc. | LLM Gateway | USA | Privacy |
| Pollinations.ai (Stichting Pollinations) | AI Image Generation | Germany | DPA on request |
| Railway Corp. | Infrastructure-as-a-Service | USA | DPA |
| Resend, Inc. | Transactional Email | USA | DPA |
| Sentry (Functional Software, Inc.) | Error Tracking | USA | DPA |
| Stripe Payments Europe Ltd | Payment Processing | Ireland | DPA |
| Upstash, Inc. | Rate-Limit Redis | USA | DPA |
| Vercel, Inc. | CDN / Edge Hosting (Frontend) | USA | DPA |
All US subprocessors are bound by EU Standard Contractual Clauses Module 2 (Controller-to-Processor) and the UK IDTA Addendum where applicable. Where a subprocessor is certified under the EU-US Data Privacy Framework, we additionally rely on that adequacy decision.
We do not sell customer data. Subprocessors are contractually prohibited from using customer Personal Data for any purpose other than providing services to Codaiq.
For data-protection enquiries, write to info@codaiq.com or by post to Codaiq LTD, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom (Companies House No. 16537316).