Sub-processors
This page is the canonical, customer-facing list of sub-processors engaged for the lynox Managed Hosting service. The same list is mirrored in the public source repository at SUBPROCESSORS.md and is referenced inline from the Privacy Policy and the Data Processing Agreement. If any version diverges, the DPA prevails.
The self-hosted lynox software (@lynox-ai/core) engages no sub-processors. When you run lynox on your own infrastructure, the software only communicates with the LLM provider whose API key you configure. This list applies only to lynox AI's managed offering.
Current sub-processors
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Anthropic, PBC | Primary LLM inference (Claude family, direct API) | United States | EU-US Data Privacy Framework + SCCs (Module 2/3, 2021/914); zero-retention contractual commitment |
| Mistral AI SAS | LLM inference for secondary and background tasks, and as fallback provider (Mistral Large family, direct API) | France (EU) | EU; zero-retention contractual commitment |
| OpenAI, L.L.C. | LLM inference — engaged only if the customer enables the OpenAI-compatible provider via BYOK | United States | SCCs (Module 2/3, 2021/914); subject to OpenAI's own DPA |
| Stripe, Inc. | Payment processing and subscription billing | United States / EU | EU-US Data Privacy Framework + SCCs |
| Hetzner Online GmbH | Server infrastructure — shared tenant hosts (isolated container per customer); dedicated VPS as Enterprise upgrade | Germany (EU) | EU |
| Brevo (Sendinblue SAS) | Transactional email delivery (SMTP relay) and contact list management | EU (France/Germany) | EU |
| Cloudflare, Inc. | DNS, CDN, DDoS protection, tunnel relay | United States / EU (edge network) | EU-US Data Privacy Framework + SCCs |
| Plausible Insights OÜ | Anonymous website analytics (no personal data) | EU (Estonia) | EU |
| Google LLC | Marketing measurement on lynox.ai only — Google Analytics 4 + Google Tag Manager (Consent Mode v2; fires only with marketing consent via Klaro). Not engaged for any data flow inside the Managed Hosting service. | United States | EU-US Data Privacy Framework + SCCs (Module 2/3, 2021/914) |
| Self-hosted (Bugsink) | Error reporting (always active for managed instances) | EU (self-hosted on lynox infrastructure) | No third-party transfer |
Change notification
We notify Managed Hosting customers at least 30 days in advance of any addition or replacement of sub-processors, per section 8.4 of the DPA. To subscribe to sub-processor change notifications or object to a change, contact [email protected].
Contact
For questions about sub-processors:
[email protected] · EU representative: Prighter portal