Subprocessors — AI Security Intelligence

This page identifies the third-party subprocessors and service providers that AI Security Intelligence engages to process data in connection with the delivery of our platform and services. A subprocessor is any third-party data processor that receives, stores, or otherwise handles data on ASI's behalf. We publish this list as a commitment to transparency in our data processing relationships and to support the privacy rights of those whose data we hold.

List current as of March 30, 2026

What Is a Subprocessor?

When AI Security Intelligence uses a third-party vendor to process personal data or platform data on our behalf, that vendor acts as a subprocessor or data processor under applicable privacy regulations, including GDPR and CCPA. Each subprocessor we engage is subject to contractual data processing obligations that require them to protect data with standards equivalent to those we apply internally.

This list covers all material third-party service providers involved in data processing for ASI's platform operations — including cloud infrastructure, AI model inference, analytics, and operational tooling. We conduct due diligence on every subprocessor before engagement and require that each service provider maintain appropriate technical and organizational security measures.

Our Vendor Governance & Due Diligence

Before authorizing any new subprocessor or third-party service provider to process data on our behalf, ASI conducts a formal vendor security review. This review encompasses an assessment of the vendor's security certifications, data residency practices, breach notification commitments, sub-processor chain, and contractual compliance posture. For AI-specific service providers — including model inference platforms and foundation model vendors — we apply an elevated governance standard described in the section below.

All subprocessors are required to sign Data Processing Agreements (DPAs) that govern the scope, purpose, and limitations of any data processing they perform on ASI's behalf. These agreements impose restrictions on secondary use, require prompt breach notification, and mandate data deletion upon contract termination. We review active subprocessors on an annual basis and upon any material change to their services or data practices.

Subprocessor List

The following table identifies all current third-party subprocessors and service providers authorized to process data on behalf of AI Security Intelligence. This list is maintained by our security and operations team and is updated whenever a new subprocessor is added or an existing relationship is materially changed.

Subprocessor / Service Provider	Purpose & Service	Data Processing Location	Security Certifications
Amazon Web Services (AWS)	Cloud infrastructure, hosting, and content delivery network (CloudFront). Primary data processor for compute, storage, and network operations.	US East (N. Virginia)	SOC 2 Type II ISO 27001 FedRAMP
Amazon Bedrock	AI model inference for classification and scoring pipelines. AWS Bedrock provides managed access to foundation models used by our automated scoring infrastructure.	US East (N. Virginia)	SOC 2 Type II ISO 27001
Anthropic (via AWS Bedrock)	Foundation model provider — Claude models used for intelligence analysis, document classification, and natural language processing within our scoring pipelines. Accessed through Amazon Bedrock; no direct data transfer to Anthropic infrastructure.	United States	SOC 2 Type II
Google Analytics	Website analytics and usage metrics. Processes anonymized visitor behavior data to help us understand platform usage and improve the user experience.	United States	SOC 2 Type II ISO 27001
Shodan	Infrastructure scanning service used for external endpoint security assessment as part of our outside-in scoring methodology. No personal data is transmitted to Shodan.	United States	—
Adzuna	Job market data provider. Aggregated hiring data used for talent and culture dimension scoring within ASI's Control Effectiveness Score framework.	United Kingdom	GDPR Compliant
HuggingFace	Model registry scanning for AI governance assessment. Used to evaluate publicly listed model assets as part of our AI-specific risk scoring dimension.	United States	SOC 2 Type II
Slack	Internal team communication and operational alerting. Used for analyst coordination, incident notifications, and platform monitoring alerts. No client data is transmitted via Slack.	United States	SOC 2 Type II ISO 27001
Namecheap	Domain registration and DNS management for aisecurityintelligence.com and related domains. Limited to administrative domain configuration; no operational data processed.	United States	—

AI-Specific Vendor Governance

ASI applies heightened scrutiny to AI vendors and model providers — including foundation model providers and AI inference platforms — given the nature of the data that may flow through these systems during scoring and classification workflows. Our AI vendor governance framework includes the following elements:

Security questionnaire: All AI-specific service providers and model providers complete a structured security questionnaire before authorization. This questionnaire covers model access controls, data retention policies, training data use restrictions, and incident response procedures.
Data residency requirements: For AI inference workloads, we require that data processing occur within defined geographic boundaries consistent with our data residency commitments. Amazon Bedrock and the Anthropic Claude models accessed through it operate exclusively within US infrastructure.
No training on customer data: We contractually prohibit all AI vendor subprocessors from using any data processed on ASI's behalf to train, fine-tune, or otherwise improve their models. This restriction applies explicitly to Amazon Bedrock and Anthropic under our current service agreements.
Ongoing monitoring: AI vendor relationships are reviewed on a continuous basis. Any material change to an AI service provider's data practices, terms of service, or security posture triggers a formal re-evaluation before continued use is authorized.
Minimal data exposure: Our scoring infrastructure is designed to minimize the data passed to AI inference endpoints. Prompts and inputs are structured to contain only what is necessary for the classification or analysis task — no unnecessary personal data or confidential client information is included.

Changes to This Subprocessor List

AI Security Intelligence is committed to maintaining an accurate and current list of all authorized subprocessors and third-party data processors. We update this page whenever:

A new subprocessor or service provider is authorized to process data on ASI's behalf
An existing subprocessor relationship is terminated
A material change occurs in the nature or scope of data processing performed by an existing subprocessor

We endeavor to publish updates to this subprocessor list within 30 days of a change becoming effective. Where required by applicable data protection regulations or client contractual obligations, we will provide advance notice of new subprocessor additions before they become effective.

Clients and partners who have executed a Data Processing Agreement with ASI and who wish to receive proactive notification of subprocessor changes may register for notifications by contacting our data protection team. We maintain a version history of this page to support audit and compliance needs.

"Every third-party data processor we engage is subject to the same scrutiny we apply when assessing AI security posture in others."

Data Processing Inquiries

For questions about our subprocessors, data processing relationships, or to request a copy of our Data Processing Agreement, contact our data protection team:

Email: privacy@aisecurityintelligence.com
Trust Center: aisecurityintelligence.com/pages/trust.html

For broader governance questions, see our AI Governance Framework and Privacy Policy. For responsible AI practices, see our Responsible AI Principles.