// sub-processors

Every vendor that touches tenant data, with purpose and region.

We disclose every sub-processor that handles tenant data, what they do, and the region they operate from. The list updates when we onboard a new vendor; subscribed customers are notified before the change goes live.

// disclosed vendors

The current sub-processor list.

last updated 2026-05-12

Vendor	Purpose	Data accessed	Region
Auth0 (Okta)	Staff and enterprise SSO identity provider.	Authentication identifiers, email, name, organization membership, login metadata.	US / EU (per Auth0 tenant region)
MinIO (Azure Blob backup)	Object storage for tenant uploads, exports, and backups.	Tenant-uploaded knowledge documents, generated exports, encrypted backups.	US
Anthropic (Claude API)	Large-language-model inference for agent responses.	Prompts assembled from tenant knowledge and conversation history. PII is masked before egress where detected.	US
OpenAI Used only when explicitly selected by the tenant.	Large-language-model inference for agent responses (when configured by the tenant).	Prompts assembled from tenant knowledge and conversation history. PII is masked before egress where detected.	US
Twilio	SMS one-time-password delivery and voice telephony (M10).	End-user phone numbers, OTP codes, call metadata, call audio (M10 only).	US
Postmark Or a SMTP-compatible substitute; current SMTP provider is configurable.	Transactional email delivery, including email OTP.	End-user email addresses, OTP codes, transactional notification content.	US

Auth0 (Okta)

Purpose

Staff and enterprise SSO identity provider.

Data accessed

Authentication identifiers, email, name, organization membership, login metadata.

Region

US / EU (per Auth0 tenant region)
MinIO (Azure Blob backup)

Purpose

Object storage for tenant uploads, exports, and backups.

Data accessed

Tenant-uploaded knowledge documents, generated exports, encrypted backups.

Region

US
Anthropic (Claude API)

Purpose

Large-language-model inference for agent responses.

Data accessed

Prompts assembled from tenant knowledge and conversation history. PII is masked before egress where detected.

Region

US
OpenAI

Used only when explicitly selected by the tenant.

Purpose

Large-language-model inference for agent responses (when configured by the tenant).

Data accessed

Prompts assembled from tenant knowledge and conversation history. PII is masked before egress where detected.

Region

US
Twilio

Purpose

SMS one-time-password delivery and voice telephony (M10).

Data accessed

End-user phone numbers, OTP codes, call metadata, call audio (M10 only).

Region

US
Postmark

Or a SMTP-compatible substitute; current SMTP provider is configurable.

Purpose

Transactional email delivery, including email OTP.

Data accessed

End-user email addresses, OTP codes, transactional notification content.

Region

US

Need to be notified the moment this list changes? Email security@primeassist.example and we will add you to the change-notification list.

// third-party risk

Procurement teams can track this list programmatically.

The same disclosure is available as machine-readable JSON for vendor-risk programs. Email us to be added to the change-notification list.

Subscribe to changes Back to trust