For US companies/Trust pack

Trust pack · Subprocessors

Subprocessors

Service providers that may process client personal data on our behalf during engagements. Material changes (new subprocessor, new region) are notified to engaged clients 30 days in advance with right to object.

Quick facts (for procurement)

Entity (sales)
AI-Native Agency LLC (Delaware) or SAS (France)
Insurance
$2M PI + $1M cyber via Lloyd's-backed carrier
NDA turnaround
24 hours from request
SOW turnaround
5 business days from Discovery call
Net terms
Net-30 standard, Net-15 on request
Data residency
US-region storage available; default EU
Sub-processors
Disclosed at /subprocessors; 30-day change notice
DPA
GDPR + CCPA, SCCs included

Current subprocessor list

Not every subprocessor is used in every engagement. The actual set depends on your choice of model provider, hosting strategy, and data residency requirements captured during Discovery.

Anthropic

AI model provider

Purpose
Claude inference for retrieval-augmented workflows and reviewer assistance.
Data location
US (with EU residency available on Enterprise plans).
DPA
Anthropic Commercial Terms + DPA available at anthropic.com/legal.
Privacy posture
Zero retention API enabled; data not used to train Anthropic models.

OpenAI

AI model provider (substitutable)

Purpose
Optional GPT-4-class inference where required by client benchmarks.
Data location
US (with EU residency on Enterprise/Azure deployments).
DPA
OpenAI DPA available at openai.com/policies/data-processing-addendum.
Privacy posture
API data not used for training (post Apr-2023 default).

Google (Vertex AI / Gemini)

AI model provider (substitutable)

Purpose
Optional Gemini inference for client workflows benefiting from long-context retrieval.
Data location
US, EU, regional on Vertex AI deployments.
DPA
Google Cloud DPA.
Privacy posture
Vertex AI data not used to train foundation models.

Vercel

Application hosting (our marketing site)

Purpose
Hosting ai-native-agency.com. Client production workflows deploy in client cloud, not Vercel.
Data location
US, EU regions.
DPA
Vercel DPA available at vercel.com/legal/dpa.
Privacy posture
No client production data hosted on Vercel.

Supabase

Database hosting (engagement internal)

Purpose
Internal engagement coordination database (project tracking, billing). No client production data.
Data location
EU region by default; US available.
DPA
Supabase DPA available at supabase.com/dpa.
Privacy posture
No client production data; internal use only.

Postmark

Transactional email

Purpose
Client communications (engagement notifications, weekly review summaries).
Data location
US.
DPA
ActiveCampaign Postmark DPA.
Privacy posture
Email content retained per Postmark policy; client identities flagged.

Sentry

Error monitoring

Purpose
Application error tracking for delivered workflows.
Data location
US, EU regions.
DPA
Sentry DPA available at sentry.io/legal/dpa.
Privacy posture
PII scrubbing configured per engagement.

Stripe

Payment processing

Purpose
USD invoice processing for US engagements.
Data location
US.
DPA
Stripe DPA available at stripe.com/legal/dpa.
Privacy posture
Card data tokenised; we do not store PAN.

Want to be notified?

Engaged clients receive subprocessor change notifications by email. To subscribe, email the procurement contact named in your SoW.

Procurement contact

Need this in a different format?

We can fill out your security questionnaire (SIG, CAIQ, custom), share insurance certificates, run through procurement legal calls, or sign your standard MSA. Reach out via the discovery call and we'll route you to the right docs.

Book a procurement-friendly callRequest the full pack