Subprocessors and provider relationships

Who Privian relies on to operate, which model providers requests can be routed to, and what BYOK changes.

Context

Why this page exists

Subprocessors are simply the third-party services Privian uses to operate. Enterprise procurement reviews ask about them; this page exists to give a calm, directional answer.

This is not a legal document. For procurement-grade subprocessor lists and data-processing arrangements tied to a specific deployment, contact support and we will follow up directly. We deliberately do not invent a legal posture we cannot stand behind in a contract review.

Operating Privian

Operational subprocessor categories

Categories rather than vendor names, kept directional. The exact provider list is shared on request for procurement.

  • Infrastructure

    Hosting and database

    Privian's data plane runs on serverless infrastructure with a managed Postgres-compatible database for account, billing, BYOK and usage data. Raw prompt and response bodies are not written.

  • Payments

    Billing processor

    Subscription and usage billing is handled by a third-party payments provider. Payment method data is held by that processor, not by Privian.

  • Email

    Transactional email

    Operational emails (verification, account events) are sent through a third-party email provider.

  • Analytics

    Product analytics

    Marketing-site analytics are minimal and consent-gated. Application analytics do not contain prompt or response bodies.

Model providers

Managed model providers that requests can be routed to

With BYOK, the relationship with the model provider is yours, not Privian's.

  • OpenAI
  • Anthropic
  • Google (Gemini)

The supported provider list evolves. See the BYOK page for how credentials are handled and the data path page for what reaches the provider on each request.

Trust boundary

BYOK boundary explained

With BYOK the upstream provider call is authenticated by your credential, not by a Privian-pooled key.

  • Your provider credential is stored AES-GCM encrypted at rest.
  • On each request the credential is decrypted in process only, used to authenticate the upstream call, and discarded when the request ends. A plaintext copy is not retained.
  • Provider-side billing, rate limits and terms apply to your account with that provider — not to Privian.

Retention

What Privian stores and does not store

Stored

  • Account, billing and team metadata.
  • BYOK provider credentials, encrypted at rest with AES-GCM and decrypted only in process for the duration of a request.
  • API keys, stored as one-way hashes.
  • Usage rollups (token counts, request counts, latency aggregates) per period.
  • Sanitized observability events — request id, model id, status, error class, timing. No prompt or response content.

Not stored

  • Raw prompt bodies.
  • Rehydrated response bodies.
  • The per-request entity mapping (PERSON_1 → original value). In-memory only.
  • Decrypted provider keys outside the lifetime of a single request.
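The two mechanisms described above, a BYOK credential that exists in plaintext only inside one request and API keys that are stored as one-way hashes, are easy to get subtly wrong (returning the decrypted credential to a caller, storing a plaintext copy "temporarily", comparing hashes with a timing-dependent equality). The following Go program is an added illustration of that pattern, not Privian's code: it seals a credential with AES-256-GCM, binds it to an owner id as associated data, opens it in process through a callback so no plaintext escapes the function, zeroes the buffer afterwards, and stores an API key as a SHA-256 hash compared in constant time. The key-encryption key `kek` is assumed to come from a KMS or secret store; `SealedCredential`, `WithCredential`, `HashAPIKey` and `APIKeyMatches` are hypothetical names, and all sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// SealedCredential is the only form in which a provider credential is persisted:
// a random nonce plus AES-GCM ciphertext (authentication tag included). No plaintext field.
type SealedCredential struct {
	Nonce      []byte
	Ciphertext []byte
}

// SealCredential encrypts a provider credential with AES-256-GCM under kek, a
// 32-byte key-encryption key (assumed to be fetched from a KMS or secret store).
// The owner id is bound as associated data, so a sealed blob cannot be opened
// under a different account even when the same kek is used.
func SealCredential(kek []byte, ownerID string, plaintext []byte) (SealedCredential, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return SealedCredential{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SealedCredential{}, err
	}
	return SealedCredential{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(ownerID))}, nil
}

// WithCredential opens the sealed credential in process, hands the plaintext to
// `use` for the duration of one upstream call, then overwrites the buffer.
// The plaintext is never returned, so nothing outside this scope can retain it.
func WithCredential(kek []byte, ownerID string, sc SealedCredential, use func(cred []byte) error) error {
	gcm, err := newGCM(kek)
	if err != nil {
		return err
	}
	plain, err := gcm.Open(nil, sc.Nonce, sc.Ciphertext, []byte(ownerID))
	if err != nil {
		// Tag mismatch: wrong kek, wrong owner, or tampered ciphertext. Do not distinguish.
		return errors.New("credential could not be opened")
	}
	defer func() {
		for i := range plain {
			plain[i] = 0 // best effort: the GC may hold copies, so keep the plaintext window short
		}
	}()
	return use(plain)
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	if len(kek) != 32 {
		return nil, errors.New("kek must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// HashAPIKey is the one-way form in which API keys are stored. Unsalted SHA-256
// is adequate here because the keys are long random strings, not user-chosen
// passwords; a leaked table of hashes yields nothing a client could present.
func HashAPIKey(apiKey string) string {
	sum := sha256.Sum256([]byte(apiKey))
	return hex.EncodeToString(sum[:])
}

// APIKeyMatches compares a presented key against the stored hash in constant time.
func APIKeyMatches(storedHash, presented string) bool {
	return subtle.ConstantTimeCompare([]byte(storedHash), []byte(HashAPIKey(presented))) == 1
}

func main() {
	kek := make([]byte, 32) // stand-in for a KMS-held key
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	// Constructed sample values; not real credentials.
	sealed, err := SealCredential(kek, "org_123", []byte("sk-example-provider-key"))
	if err != nil {
		panic(err)
	}
	err = WithCredential(kek, "org_123", sealed, func(cred []byte) error {
		// This is where the upstream Authorization header would be built; when the
		// callback returns the request is over and cred is zeroed.
		fmt.Printf("upstream call authenticated with a %d-byte credential\n", len(cred))
		return nil
	})
	fmt.Println("per-request open succeeded:", err == nil)
	fmt.Println("open under another owner fails:",
		WithCredential(kek, "org_999", sealed, func([]byte) error { return nil }) != nil)
	stored := HashAPIKey("pv_live_constructed_example")
	fmt.Println("api key lookup:", APIKeyMatches(stored, "pv_live_constructed_example"))
}
```

The callback shape is the point: a function that returns the decrypted credential invites callers to cache it, whereas `WithCredential` makes "decrypted only for the duration of a request" a property of the API rather than a convention. Binding the owner id as associated data also means a database row copied from one account to another fails to open instead of silently authenticating the wrong tenant.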

FAQ

Frequently asked questions

What is a subprocessor in this context?

A third-party service that processes data on Privian's behalf as part of operating the product. For example, hosting infrastructure, the billing processor and the transactional email provider.

Are managed model providers (OpenAI, Anthropic, Google) Privian's subprocessors?

When you use BYOK, the relationship with the model provider is yours — your credential, your billing, your provider-side terms. Privian routes the request and the provider's terms apply directly between your organization and them. Always check your own contractual position with the provider you choose.

What does the BYOK boundary change?

BYOK means the upstream provider call is authenticated with your own credential. Billing, provider-side rate limits and provider-side terms apply to your account at that provider, not to Privian. Privian decrypts the credential in process for the request and does not retain a plaintext copy.

Does Privian retain prompts or responses?

No. Raw prompt bodies and rehydrated response bodies are not persisted. Privian retains structural counters and sanitized observability events, plus account and billing metadata, hashed API keys and AES-GCM-encrypted BYOK credentials.

Where can I get the current list for a procurement review?

Email support and request the current subprocessor list along with the information your procurement process needs. We try to keep this page directionally accurate, but for procurement-grade documentation we follow up directly.

Does Privian have a DPA, HIPAA BAA, SOC 2 or ISO certification?

Privian does not claim HIPAA, SOC 2, PCI or ISO certifications at this time. We are happy to discuss data-processing arrangements for specific deployments; please contact support to start that conversation.