Overview
SchneeAI uses third-party providers to operate the platform. This page lists the categories of providers, the specific providers in each category, and the safeguards relied upon for cross-border data transfers.
Where SchneeAI processes personal data on behalf of a customer, these providers act as sub-processors under the Data Processing Addendum. Customers may object to a new sub-processor as described in Section 6 of the DPA.
AI model providers
Requests routed through SchneeAI are sent to upstream model providers based on the model selected. These providers process prompt and output content under their own applicable API terms.
| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| OpenAI | LLM API (GPT family) | United States and operational regions | Provider API terms; EU-US Data Privacy Framework |
| Anthropic | LLM API (Claude family) | United States and operational regions | Provider API terms; EU-US Data Privacy Framework |
| LLM API (Gemini family) | Regional infrastructure | Provider API terms; EU-US Data Privacy Framework | |
| Groq | LLM API (high-throughput inference) | United States | Provider API terms |
Each provider’s API terms generally restrict training on customer content submitted via API. Customers are responsible for reviewing the provider terms applicable to their selected models.
Additional providers may be added based on customer demand. Updates are tracked in the Change log below.
Cloud infrastructure
| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| Cloudflare | Pages hosting, DNS, CDN, Web Analytics | Global edge | EU Standard Contractual Clauses |
| Cloudflare R2 / S3-compatible object storage | Vault storage (encrypted raw prompts and outputs) | Customer-selected region | EU Standard Contractual Clauses |
| PostgreSQL (managed) | Operational metadata, audit logs, usage ledger | Customer-selected region | EU Standard Contractual Clauses |
| Redis (managed) | Caching, idempotency, rate limiting | Customer-selected region | EU Standard Contractual Clauses |
Specific vendors for object storage, PostgreSQL, and Redis will be confirmed before general availability.
Payment processing
| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| Stripe | Card payment processing, billing | United States and operational regions | Provider terms; PCI-DSS |
Card details are handled by Stripe under PCI-DSS. SchneeAI does not store full card numbers.
Transactional email
| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| TBD (provider selection in progress) | Operational notifications, billing receipts | TBD | TBD |
Transactional email provider will be confirmed before general availability.
Marketing analytics
These sub-processors apply only to visitors of the marketing site (schneeai.com), not to platform customers. Loaded after visitors accept analytics cookies via the consent banner.
| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| Google Analytics 4 (Google Ireland / Google LLC) | Marketing site traffic analytics | Ireland (EEA users) / United States (other users) | EU Standard Contractual Clauses; EU-US Data Privacy Framework |
| Cloudflare Web Analytics | Cookie-less site traffic analytics | Global edge | Provider terms |
| Microsoft Clarity | Heatmaps and session replay (cookie-less option available) | United States and operational regions | EU-US Data Privacy Framework |
See the Cookie Policy for the controls available to visitors.
Source code and development
| Provider | Service | Processing location | Transfer safeguard |
|---|---|---|---|
| GitHub | Source code hosting, CI/CD | United States and operational regions | EU-US Data Privacy Framework |
International data transfers
For transfers out of the European Economic Area, the United Kingdom, or Switzerland, SchneeAI relies on:
- EU Standard Contractual Clauses — Modules Two (controller-to-processor) and Three (processor-to-processor), as applicable
- UK Addendum — for transfers subject to UK GDPR
- Swiss equivalent — for transfers subject to Swiss FADP
- EU-US Data Privacy Framework — where the sub-processor is certified
A copy of the executed Standard Contractual Clauses is available to customers under NDA on request.
Changes to this list
SchneeAI will update this list when:
- A new sub-processor is added.
- A sub-processor is removed.
- A sub-processor’s processing location or transfer safeguard changes materially.
Customers are notified by email at least 30 days before a new sub-processor starts processing personal data. Customers may object to a new sub-processor on reasonable data-protection grounds as described in Section 6 of the DPA.
Contact
Questions about sub-processors or transfer safeguards: [email protected].
Effective date: to be set before general availability.