Infrastructure & data hosting
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) — eu-north-1 (Stockholm) | Primary cloud hosting: compute, database, object storage, backups. | EU (Sweden) |
| Cloudflare | CDN, WAF, and DDoS protection for public endpoints. | Global anycast (EU edge for EU traffic) |
AI providers
All AI providers are contracted with no-training and zero/limited-retention terms. EU regions are used where available.
| Subprocessor | Purpose | Location |
|---|---|---|
| OpenAI (Enterprise / API platform) | LLM inference for drafts, summaries, and onboarding guidance. | EU residency where available; otherwise US under SCCs |
| Anthropic | Backup LLM provider for drafts, summaries, and guidance (failover/quality). | EU/US under SCCs |
Operations & support
Communications & email
| Subprocessor | Purpose | Location |
|---|---|---|
| Resend | Transactional email delivery (sign-in, notifications). | EU regions |
| Google Workspace | Internal email and document collaboration at Settio. | EU regions |
Analytics & monitoring
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel Analytics | Privacy-friendly product and web analytics. | EU regions |
| Sentry (EU region) | Error monitoring for the platform. | EU (Frankfurt) |
Change notifications
How we notify you
We give at least 30 days’ advance notice before adding a new subprocessor or materially changing the purpose of an existing one. Notifications are sent to the email on your account, posted in-product for admins, and reflected on this page.
How to subscribe
Email [email protected] with the subject line “Subprocessor updates” to be added to the notification list.
Right to object
Customers may object to a new subprocessor on reasonable data protection grounds within the notice period. We will work in good faith to address the concern; if we cannot, the customer may terminate the affected Service for cause and receive a pro-rata refund for the unused term.