AiSigma // Legal Document

Sub-processors / Lista sub-procesorów

Full list of entities processing data on behalf of AiSigma

Last updated: June 21, 2026

What is a sub-processor

A sub-processor is a third-party vendor that AiSigma (the data controller) engages to process personal data on your behalf — for example, to run a language model, store conversation history, or deliver email. Under GDPR Article 28(2) we are required to inform you about every such party and about the safeguards we have in place so that your data is protected to the same standard we maintain ourselves.

The table below contains the complete, current list of all sub-processors AiSigma uses in production. We update this list every time it changes — you can subscribe to notifications in the section below to be informed in advance whenever a new sub-processor is added.

Active sub-processors

OpenAI, Inc.
Service
Language model API (LLM) + embeddings
Location
USA
Data accessed
Message content (transient processing, no training)
Safeguards (SCCs / DPA)
Standard Contractual Clauses (SCCs) + OpenAI DPA, training opt-out (API)
Supabase, Inc.
Service
Postgres database + pgvector (semantic memory)
Location
Frankfurt (EU) — data residency; parent company in USA
Data accessed
Conversation content + embeddings (stored)
Safeguards (SCCs / DPA)
Supabase DPA + EU region (Frankfurt), at-rest encryption
Vercel, Inc.
Service
Web hosting + serverless functions (Edge / Node)
Location
USA + global edge POPs (incl. EU)
Data accessed
Request metadata (IP, User-Agent, timestamp) — no chat bodies in logs
Safeguards (SCCs / DPA)
Standard Contractual Clauses (SCCs) + Vercel DPA
Resend, Inc.
Service
Transactional email delivery (contact form)
Location
USA
Data accessed
Recipient email address + message body
Safeguards (SCCs / DPA)
Resend DPA, TLS in transit, limited log retention
GoDaddy (Titan Email)
Service
Mailbox junior@aisigma.pro (inbound)
Location
USA
Data accessed
Inbound mail to the administrator — not customer data processed under the service
Safeguards (SCCs / DPA)
N/A for customer DPA (owner-administrative mailbox)
Stripe, Inc.
Service
Payment processor (when activated)
Location
USA
Data accessed
Billing data (name, email, country) — no chat content
Safeguards (SCCs / DPA)
Stripe DPA + SCCs, PCI-DSS Level 1

Notify me of changes / Powiadom mnie przy zmianie

Enter your email to be notified when we add, change, or remove a sub-processor. We send change notifications only — no marketing.

After signing up, we will send a confirmation email (double opt-in). You can unsubscribe at any time.

Change log

A chronological record of every change made to the sub-processor list.

  • June 21, 2026Initial publication of the sub-processor list.

Questions about this list or our DPA documentation: junior@aisigma.pro

← Back to home

© 2026 AiSigma