Legal
Subprocessors
Last updated: 2026-06-07
Privian is in beta. This page describes our current practices and policies in plain language. Material updates will be noted here and on /updates.
This page lists the subprocessors Privian uses to operate the service, and separately the LLM providers that customers may configure themselves under BYOK. See also our DPA overview and /security/data-handling.
Privian subprocessors
These vendors process data on Privian's behalf in order to operate the service.
| Subprocessor | Purpose | Data | Region | Notes |
|---|---|---|---|---|
| Supabase | Authentication, primary database, edge functions, storage | Account data, hashed API keys, encrypted BYOK credential ciphertext, sanitized usage events | EU (Frankfurt) | — |
| Stripe | Billing, subscription management, payment processing | Customer email, subscription status, payment instrument metadata (handled by Stripe) | Global; Stripe acts as an independent controller for payment data | — |
| Hetzner | Infrastructure / VPS hosting for gateway runtime components | Ephemeral request data in memory; sanitized logs | EU (Germany / Finland) — to be confirmed for specific deployment | — |
| Lovable | Marketing website and dashboard application hosting | Public marketing content; authenticated dashboard frontend served to your browser | Global edge | — |
| Google (Analytics 4) | Public marketing-page analytics (consent-gated) | Page views and a small set of CTA events on public marketing pages, only after consent | Global | Disabled by default. Loaded only after explicit analytics consent. Not loaded on dashboard, settings, admin, or gateway endpoints. |
BYOK model providers (customer-selected)
The following are not Privian subprocessors in the traditional sense. They are LLM providers that you select and pay directly, and that you authenticate using your own credentials. They are listed here for transparency because Privian's gateway forwards your masked prompts to them when you configure them as a destination. Privian does not resell access to these providers.
| Subprocessor | Purpose | Data | Region | Notes |
|---|---|---|---|---|
| OpenAI | LLM provider — only when you configure OpenAI as a BYOK destination | Masked prompts and metadata you choose to send | As determined by OpenAI | — |
| Anthropic | LLM provider — only when you configure Anthropic as a BYOK destination | Masked prompts and metadata you choose to send | As determined by Anthropic | — |
| Google (Gemini) | LLM provider — only when you configure Google as a BYOK destination | Masked prompts and metadata you choose to send | As determined by Google | — |
Changes
We will update this page when we add or change a subprocessor. Business customers under a signed DPA will receive notice in accordance with the executed agreement.