Legal

Sub-processors

Third parties SchneeAI uses to operate the platform. Draft for counsel review — finalized before general availability.

Overview

SchneeAI uses third-party providers to operate the platform. This page lists the categories of providers, the specific providers in each category, and the safeguards relied upon for cross-border data transfers.

Where SchneeAI processes personal data on behalf of a customer, these providers act as sub-processors under the Data Processing Addendum. Customers may object to a new sub-processor as described in Section 6 of the DPA.

AI model providers

Requests routed through SchneeAI are sent to upstream model providers based on the model selected. These providers process prompt and output content under their own applicable API terms.

| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| OpenAI | LLM API (GPT family) | United States and operational regions | Provider API terms; EU-US Data Privacy Framework |
| Anthropic | LLM API (Claude family) | United States and operational regions | Provider API terms; EU-US Data Privacy Framework |
| Google | LLM API (Gemini family) | Regional infrastructure | Provider API terms; EU-US Data Privacy Framework |
| Groq | LLM API (high-throughput inference) | United States | Provider API terms |

Each provider’s API terms generally restrict training on customer content submitted via API. Customers are responsible for reviewing the provider terms applicable to their selected models.

Additional providers may be added based on customer demand. Updates are tracked in the Change log below.

Cloud infrastructure

| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| Cloudflare | Pages hosting, DNS, CDN, Web Analytics | Global edge | EU Standard Contractual Clauses |
| Cloudflare R2 / S3-compatible object storage | Vault storage (encrypted raw prompts and outputs) | Customer-selected region | EU Standard Contractual Clauses |
| PostgreSQL (managed) | Operational metadata, audit logs, usage ledger | Customer-selected region | EU Standard Contractual Clauses |
| Redis (managed) | Caching, idempotency, rate limiting | Customer-selected region | EU Standard Contractual Clauses |

Specific vendors for object storage, PostgreSQL, and Redis will be confirmed before general availability.

Payment processing

| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| Stripe | Card payment processing, billing | United States and operational regions | Provider terms; PCI-DSS |

Card details are handled by Stripe under PCI-DSS. SchneeAI does not store full card numbers.

Transactional email

| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| TBD (provider selection in progress) | Operational notifications, billing receipts | TBD | TBD |

The transactional email provider will be confirmed before general availability.

Marketing analytics

These sub-processors apply only to visitors of the marketing site (schneeai.com), not to platform customers. They are loaded after visitors accept analytics cookies via the consent banner.

| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| Google Analytics 4 (Google Ireland / Google LLC) | Marketing site traffic analytics | Ireland (EEA users) / United States (other users) | EU Standard Contractual Clauses; EU-US Data Privacy Framework |
| Cloudflare Web Analytics | Cookie-less site traffic analytics | Global edge | Provider terms |
| Microsoft Clarity | Heatmaps and session replay (cookie-less option available) | United States and operational regions | EU-US Data Privacy Framework |

See the Cookie Policy for the controls available to visitors.

Source code and development

| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| GitHub | Source code hosting, CI/CD | United States and operational regions | EU-US Data Privacy Framework |

International data transfers

For transfers out of the European Economic Area, the United Kingdom, or Switzerland, SchneeAI relies on:

  • EU Standard Contractual Clauses — Modules Two (controller-to-processor) and Three (processor-to-processor), as applicable
  • UK Addendum — for transfers subject to UK GDPR
  • Swiss equivalent — for transfers subject to Swiss FADP
  • EU-US Data Privacy Framework — where the sub-processor is certified

A copy of the executed Standard Contractual Clauses is available to customers under NDA on request.

Changes to this list

SchneeAI will update this list when:

  • A new sub-processor is added.
  • A sub-processor is removed.
  • A sub-processor’s processing location or transfer safeguard changes materially.

Customers are notified by email at least 30 days before a new sub-processor starts processing personal data. Customers may object to a new sub-processor on reasonable data-protection grounds as described in Section 6 of the DPA.

Contact

Questions about sub-processors or transfer safeguards: [email protected].

Effective date: to be set before general availability.