Sub-processors register
Last updated: 20 May 2026
This page is the authoritative, version-dated list of sub-processors olyteck uses to operate Knowledge. Each entry links to the sub-processor's own privacy / DPA documentation so you can verify the claim independently. Material changes are announced by email to workspace administrators at least 30 days before they take effect, per the DPA §6.
1. Hosting infrastructure
| Provider | Role | Region | Reference |
|---|---|---|---|
| Scaleway SAS | Application server, MariaDB primary, cron workers, off-site backup | Server in France (Paris, PAR1); host’s registered office in Ukraine | https://www.scaleway.com/ |
All customer documents, embeddings, conversation history and audit logs reside on the server in France (Paris, PAR1). The host has no logical access to customer content above the storage volume level (encryption at rest is provided by the underlying infrastructure).
2. Identity
| Provider | Role | Region | Reference |
|---|---|---|---|
| Microsoft Ireland Operations Ltd. | OIDC sign-in (Entra ID / Azure AD). Microsoft handles authentication; Knowledge sees only the ID token and a few claims (oid, tid, email, name). No Microsoft Graph data is read. | Ireland (EU) | Microsoft Products and Services DPA |
3. AI providers (LLM & embeddings)
The Customer's workspace admin picks per-agent which AI provider's model is used. All four providers below publish a "we do not train models on customer API data" stance for the endpoints Knowledge calls. Verify by following the links.
| Provider | Role | Region | "No training on API data" reference |
|---|---|---|---|
| Google Ireland Ltd. | Gemini embeddings (gemini-embedding-001) on every document chunk during ingest; Gemini Flash / Gemini Pro chat completions when selected as the agent's model |
EU / EEA (Gemini API serves from EU regions) | Gemini API Additional Terms — Paid Services: "Google doesn't use your prompts or responses to improve our products" |
| Mistral AI | Chat completions for Mistral Small / Mistral Large when selected | Paris, France (EU) | Mistral La Plateforme Terms — Data Protection: La Plateforme API customer data is not used for model training. |
| OpenAI, LLC | Chat completions for GPT-4o mini / GPT-4o / GPT-4 Turbo when selected | United States — EU SCCs (Commission Decision 2021/914) + EU-US Data Privacy Framework | OpenAI API Data Usage Policies: "OpenAI does not train its models on inputs and outputs through our API" (since 1 March 2023) |
| Anthropic, PBC | Chat completions for Claude Haiku / Claude Sonnet / Claude Opus when selected | United States — EU SCCs + EU-US Data Privacy Framework | Anthropic Privacy Center — How we use personal data in model training: commercial API traffic is not used to train Claude. |
In addition, olyteck itself does not train any model on Customer content. See Privacy Policy §4.
4. Billing
| Provider | Role | Region | Reference |
|---|---|---|---|
| Stripe Payments Europe, Ltd. | Subscription billing (Checkout, customer portal, webhooks), EU VAT collection via Stripe Tax. Card data is entered into Stripe's hosted Checkout and never reaches Knowledge. | Ireland (EU) | Stripe Data Processing Agreement |
5. Transactional email
Transactional email (billing receipts, account-state notifications, security alerts) is sent from no-reply@olyteck.com. Until a dedicated EU email-relay provider is contracted, transactional email is sent through the same hosting infrastructure described in §1; no separate third-party email vendor processes Customer data. When a dedicated provider is engaged, this section will be updated and a 30-day notice will go to workspace administrators per DPA §6.
No marketing email is sent without an opt-in checkbox; see Privacy §16.
6. Domain & DNS
| Provider | Role | Region | Notes |
|---|---|---|---|
| adm.tools (Internet Invest LLC) | Domain registration and DNS for the olyteck.com zone | Ukraine | No customer document data is sent to the registrar; DNS-only traffic. Listed for completeness. |
7. What this list does NOT include
- No advertising or ad-tech vendors.
- No marketing analytics inside the authenticated app.
- No "data brokers" of any kind.
- No outbound calls to any AI provider not listed in §3.
- No CDNs that see Customer content (static assets are served from the same EU-27 host).
8. Notification & objection
We notify workspace administrators by email at least 30 days before adding or replacing a sub-processor that materially handles Customer personal data. The Customer may object on reasonable grounds; if the parties cannot agree on an alternative, the Customer may terminate the affected portion of the Service for cause. See DPA §6 for the full procedure.
To raise an objection or to subscribe to sub-processor change notifications outside the default admin-email channel, email privacy@olyteck.com.