# Amicus — Sub-processor List

**Live page (authoritative)**: https://lab.ai/security/sub-processors
**Version**: 1.0
**Last updated**: 6 May 2026
**Next scheduled review**: Q3 2026

---

## How this list works

Amicus engages the third-party services ("Sub-processors") listed below to deliver our products. Every Sub-processor is bound by a written agreement that imposes data-protection obligations no less protective than those Amicus owes to its customers under our Data Processing Agreement (DPA).

We organize this list into three **activation tiers** so customers can see exactly which vendors are in their data flow today, and which become relevant only if they enable a specific feature:

- **Always** — Foundational sub-processors that are part of every Amicus deployment.
- **Conditional** — Used only when a specific product feature, channel, or workflow is enabled by the customer. If the feature is not enabled, the vendor never sees customer data.
- **Internal** — Used to operate Amicus the company (billing, anti-fraud, observability of our platform). Listed for transparency; these vendors do not access customer business content.

We notify customers at least **30 days in advance** of any addition or replacement of a sub-processor. To subscribe, contact `security@lab.ai`.

---

## 01 · Foundation Models

Every model provider listed below is contractually bound to **not train on customer data**, regardless of their default consumer terms.

| Sub-processor | Purpose | Activation | Processing Region | Notes |
|---|---|---|---|---|
| **Anthropic** | Primary LLM (Claude family) — chat, reasoning, document Q&A | Always | US (us-east-1, us-west-2); Singapore (ap-southeast-1) via AWS Bedrock for SEA-resident tier | Zero data retention via API. No training on customer data. Enterprise terms in place. |
| **OpenAI** | Alternate LLM (GPT family) and embeddings | Always | US (api.openai.com); Japan East via Azure OpenAI for AP-resident tier | API data not used for training. 30-day abuse-monitoring retention by default; zero retention available on request. |
| **Google (Vertex AI / Gemini)** | Multimodal LLM (Gemini family), vision, structured extraction | Always | Singapore (asia-southeast1) default; Jakarta (asia-southeast2); Bangkok (asia-southeast3) where available | Vertex AI default = no training, no logging beyond serving. In-region inference. |
| **Cohere** | Specialized embeddings, classification, reranking | Conditional | US (us-east-1); EU (Frankfurt) | Used only for retrieval pipelines that benefit from Cohere reranker. No training on customer data. |
| **ElevenLabs** | Voice synthesis (text-to-speech) | Conditional | US, EU | Enabled only for voice-enabled products. Enterprise tier — no training, configurable retention. |
| **Azure Speech (Microsoft)** | Speech-to-text and TTS (alternate path) | Conditional | Southeast Asia (Singapore); Japan East | Used when Microsoft voice path is preferred. No training on customer data per Azure terms. |
| **FAL** | Image generation models (Flux, SDXL, etc.) | Conditional | US, EU (multi-cloud GPU) | Enabled only for image-generation features. Generated outputs only; no customer document data sent. |

---

## 02 · Cloud & Compute Infrastructure

| Sub-processor | Purpose | Activation | Processing Region | Notes |
|---|---|---|---|---|
| **Google Cloud Platform (GCP)** | Compute (Cloud Run, Cloud Functions), object storage, KMS, networking | Always | Singapore (asia-southeast1) default; Bangkok (asia-southeast3) for Thailand-resident tier | Encryption at rest with customer-managed keys (BYOK) on enterprise tier. Customer-selectable region. |
| **Firebase (Google)** | Authentication, Firestore (app data), Cloud Storage, Cloud Functions | Always | asia-southeast1 (Singapore); Bangkok available where supported | Built on GCP. Same residency commitments as GCP. Auth tokens handled statelessly. |
| **Modal** | Background compute jobs (long-running ML workloads, batch processing) | Conditional | US primary, EU available | Used for compute-heavy workflows. Job inputs ephemeral; deleted after execution. SOC 2 Type II. |
| **RunPod** | GPU compute for custom inference and fine-tuning | Conditional | Customer-selectable: Singapore, India, US, EU | Used only for customer-specific custom model jobs. Per-job container isolation. |

---

## 03 · Databases & Vector Storage

| Sub-processor | Purpose | Activation | Processing Region | Notes |
|---|---|---|---|---|
| **Supabase** | Postgres database, authentication, file storage (alternate to Firebase) | Conditional | Singapore (ap-southeast-1); Tokyo, Mumbai available | Used when relational schema or row-level security is preferred. SOC 2 Type II. DPA aligned. |
| **Upstash Redis** | Caching, rate limiting, session storage, ephemeral state | Always | Singapore (ap-southeast-1) default | Cache TTL ≤ 24 hours. No persistent customer data. SOC 2 Type II. |
| **Upstash Vector** | Vector database for retrieval-augmented generation (RAG) | Always | Singapore (ap-southeast-1) default | Stores document embeddings, not raw documents. Per-tenant namespace isolation. Encrypted at rest. |
| **TimescaleDB Cloud** | Time-series analytics (event logs, usage metrics) | Conditional | Singapore (ap-southeast-1); Tokyo | Enabled for Analytics Agent deployments. Hosted on AWS. SOC 2 Type II. |
| **InfluxDB Cloud** | High-frequency metrics ingestion (IoT, observability) | Conditional | AWS (no SEA region; closest is Sydney ap-southeast-2) | Used only for high-frequency metric workloads. Cross-border flow disclosed in customer DPA. Customer can opt out. |
| **MotherDuck** | DuckDB-based analytical workloads (advanced Analytics Agent) | Conditional | US East primary; EU available | Conditional on advanced analytics features. Cross-border flow disclosed; customer can opt out. |
| **FalkorDB** | Knowledge graph storage (entity resolution, graph queries) | Conditional | AWS multi-region (customer-selectable) | Used for graph-heavy workflows. Self-hosted option available for Customer-VPC tier. |

---

## 04 · Communications & Delivery

| Sub-processor | Purpose | Activation | Processing Region | Notes |
|---|---|---|---|---|
| **SendGrid (Twilio)** | Transactional email (system notifications, password reset, alerts) | Always | US primary; EU available on enterprise tier | Recipient email + minimal context only. No customer documents. Cross-border flow disclosed in DPA. |
| **Twilio** | SMS, voice notifications, WhatsApp delivery | Conditional | Tokyo region for AP traffic | Enabled only for SMS/voice channels. Phone numbers + message content; minimal retention. |

---

## 05 · Specialized Integrations

| Sub-processor | Purpose | Activation | Processing Region | Notes |
|---|---|---|---|---|
| **Didit** | Identity verification (KYC), document & biometric checks | Conditional | EU (Spain) | Enabled only for KYC-required workflows (FSI). Cross-border flow disclosed; customer must opt in. |
| **Mapbox** | Map tiles, geocoding (location-aware products) | Conditional | US primary; EU available | Coordinate lookups only. No identifiable user data sent. |
| **Google Maps Platform** | Alternate mapping/places API | Conditional | Google global (no specific data residency) | Used as alternate to Mapbox where Google Places is preferred. |
| **Bright Data** | Web scraping infrastructure (public web data only) | Conditional | Israel HQ; global proxy network | Enabled only for Social Research Agent. Public web data only — no customer data sent. |
| **Massive** | Alternate web data network (residential proxies) | Conditional | Global | Alternate to Bright Data. Public web data only. |

---

## 06 · Amicus-Internal Sub-processors

> Listed for transparency. These vendors do not have access to customer business content.

| Sub-processor | Purpose | Activation | Processing Region | Notes |
|---|---|---|---|---|
| **Stripe** | Subscription billing, payment processing | Internal | Singapore (data residency available) | Billing contact + payment method only. No business content. PCI-DSS Level 1. |
| **RevenueCat** | Mobile subscription management | Internal (where Amicus apps are mobile-distributed) | US | App-store entitlement state only. No business content. |
| **Google reCAPTCHA** | Bot protection on public-facing forms | Internal | Google global | Visitor signal data only. No customer business content. |
| **RudderStack** | Product usage analytics pipeline (internal observability) | Internal | Singapore (data plane available) | Aggregated usage events for service improvement. Customer can opt out via DPA addendum. |

---

## Change log

| Date | Version | Change |
|---|---|---|
| 6 May 2026 | 1.0 | Initial publication. 22 sub-processors documented across 6 categories. Activation tier system established. |

---

## Subscribe to changes

To receive 30-day advance notice of any change to this list, email `security@lab.ai` with the subject line "Subscribe to sub-processor updates" and the customer name your subscription is associated with.

---

© 2026 Amicus. This document supersedes all prior versions.
