Brain Orchestra — Sub-processor List
This document lists the current sub-processors used by Xalerate AB
to provide the Brain Orchestra service. It is incorporated by
reference into our Data Processing Agreement (legal/DPA.md) as
Annex III.
Effective date: May 3, 2026 Last updated: 2026-05-03
How to subscribe to change notifications
When we add or replace a sub-processor, we notify active customers by email at least 14 days in advance, to the email address associated with the customer account. During that notice period, a customer may object in writing to the new sub-processor on reasonable grounds (see DPA Section 4.3).
To receive sub-processor change notices, make sure your account email is current. Enterprise customers with a signed commercial agreement may additionally request change notices to a designated DPO email address.
Infrastructure and platform sub-processors
These sub-processors support Brain Orchestra's operations directly and may receive any personal data processed through the service.
| Sub-processor | Purpose | Location of processing | Transfer mechanism |
|---|---|---|---|
| Railway Corp. | Primary hosting (gateway, dashboard, website, PostgreSQL, Redis if applicable) | Netherlands (europe-west4) — EU | N/A (EU) |
| Amazon Web Services EMEA SARL | AWS Bedrock runtime and AWS Pricing API (for routing Claude, Nova, Titan, and Mistral Devstral through Bedrock, and for refreshing model pricing) | Frankfurt (eu-central-1) and Stockholm (eu-north-1) — EU | N/A (EU) |
Email and communication sub-processors
| Sub-processor | Purpose | Location of processing | Transfer mechanism |
|---|---|---|---|
| Resend, Inc. | Transactional email (signup confirmations, password reset, account notices, sub-processor change notices) | United States | EU Standard Contractual Clauses (Module 3, Processor → Sub-processor) |
Payment sub-processors
| Sub-processor | Purpose | Location of processing | Transfer mechanism |
|---|---|---|---|
| Stripe, Inc. (with Stripe Payments Europe Ltd for EU customers) | Subscription and payment processing (payment methods, invoices, receipts, webhooks) | United States (primary) with EU routing via Stripe Payments Europe | EU Standard Contractual Clauses (Module 3, Processor → Sub-processor); Stripe is also a certified EU-US Data Privacy Framework participant |
LLM provider sub-processors
Important: the LLM provider sub-processors below only receive
Customer Data when the Customer's project is configured to route to
them. Each customer controls which providers are enabled for their
projects through the territorial tier setting and the
routing_preferences.allowed_models list.
| Sub-processor | Purpose | When engaged | Location |
|---|---|---|---|
| Anthropic PBC | LLM inference for Claude models via the Anthropic direct API | Only when the customer's project uses the unrestricted territorial tier AND routing_preferences permits Anthropic direct routing | United States (transferred under SCCs Module 3) |
| Anthropic PBC via AWS Bedrock | LLM inference for Claude models via Amazon Bedrock (Frankfurt cross-region inference) | When the customer's project uses eu_cloud tier | EU (Frankfurt eu-central-1) |
| OpenAI, LLC (and OpenAI Ireland Ltd for EEA customers) | LLM inference for GPT-4o, GPT-o3, GPT-o4-mini via the OpenAI direct API | Only when the customer's project uses the unrestricted territorial tier | United States (transferred under SCCs Module 3) |
| Mistral AI S.A.S. | LLM inference for Mistral Small, Medium, Large, Codestral, Pixtral Large, Devstral via the Mistral direct API | When the customer's project uses eu_cloud or eu_strict tier | France — EU |
| Mistral via AWS Bedrock Stockholm | LLM inference for Mistral Devstral via Amazon Bedrock Stockholm direct serverless | When the customer's project uses eu_sweden tier | Sweden (Stockholm eu-north-1) |
| Amazon Web Services — Nova models via Bedrock Stockholm | LLM inference for Amazon Nova Lite via Amazon Bedrock Stockholm direct serverless | When the customer's project uses eu_sweden or eu_cloud tier and routes to Nova Lite | Sweden (Stockholm eu-north-1) or Netherlands (via EU cross-region inference profile for eu_cloud) |
| Google LLC | LLM inference for Gemini Flash and Gemini Pro via the Google AI direct API | Only when the customer's project uses the unrestricted territorial tier | United States (transferred under SCCs Module 3) |
| Cohere, Inc. via AWS Bedrock Frankfurt | Embedding inference (cohere-embed-multilingual) | When the customer's project uses eu_cloud tier and routes to Cohere embeddings | EU (Frankfurt eu-central-1) |
| Amazon Web Services — Titan embeddings via Bedrock | Embedding inference (titan-embed-v2-frankfurt, titan-embed-v2-sweden, titan-multimodal-embed-frankfurt) | When the customer's project uses eu_cloud or eu_sweden tier and routes to Titan | Frankfurt (eu-central-1) or Stockholm (eu-north-1) — EU |
| OpenAI — embedding models via direct API | Embedding inference (openai-embed-3-small, openai-embed-3-large) | Only when the customer's project uses the unrestricted territorial tier | United States (transferred under SCCs Module 3) |
| Moonshot AI | LLM inference for Kimi K2.6 via the Moonshot direct API (api.moonshot.ai) | Only when the customer's project uses the unrestricted territorial tier AND the customer explicitly requests kimi-* models by name (Moonshot is not in default routing) | People's Republic of China (transferred under SCCs Module 3, supplemental measures and Transfer Impact Assessment per Schrems II requirements) |
| xAI Corp. | LLM inference for Grok 4.3, Grok 4 Fast, Grok 4, Grok 3 Mini via the xAI direct API (api.x.ai) | Only when the customer's project uses the unrestricted territorial tier AND the customer explicitly requests grok-* models by name (xAI is not in default routing) | United States (transferred under SCCs Module 3; xAI's named EU representative is Lionheart Squared Ltd, Dublin) |
For US-hosted providers, transfers are made under the EU Standard Contractual Clauses (Module 3, Processor → Sub-processor) as specified in the table above. Where a provider participates in the EU-US Data Privacy Framework, that framework provides an additional basis for the transfer. Transfer Impact Assessments are conducted and maintained internally and are available to Customers upon request under the audit rights in DPA Section 4.7.
PII sub-processors
| Sub-processor | Purpose | Location of processing | Transfer mechanism |
|---|---|---|---|
| Microsoft Presidio (open-source library, self-hosted by Brain Orchestra) | PII detection, pseudonymization, and redaction in prompts before they reach LLM providers | Same host as Brain Orchestra core (Railway europe-west4 — EU) | N/A (self-hosted, no data leaves EU) |
Note: Presidio is an open-source library operated by Brain Orchestra on its own infrastructure. It is not a third-party data processor in the legal sense — it is part of Brain Orchestra's platform. It is listed here for transparency because it processes personal data as a distinct service sidecar.
Analytics and observability sub-processors
Brain Orchestra does not use third-party website analytics or product
telemetry processors that receive personal data. Observability is
handled entirely in-app via the admin dashboard. A Prometheus-compatible
/internal/metrics endpoint is available for optional external
integration but is not currently connected to any third-party service.
Historical changes
This section records material additions, removals, or replacements of sub-processors. Brain Orchestra is in early operation and will populate this section as changes occur.
| Date | Change |
|---|---|
| 2026-04-14 | Initial list created. |
| 2026-04-25 | Production-ready cleanup; transfer mechanisms confirmed. |
| 2026-04-25 | Removed Grafana Labs — observability moved fully in-app (6735bc6). |
Questions or objections: support@xalerate.com