ARX Subprocessors
Subprocessors
ARX (Hammerpath, Inc.) uses the third-party services below to operate the platform. Each entry includes the legal entity, the role it plays, the data categories it processes, the region(s) it operates in, and the contractual basis for the relationship.
Customers receive notification of any addition to this list with at least 30 days' lead time, per the master DPA. Material changes to an existing entry's data handling (e.g., a sub-processor changing region or losing a key certification) are notified immediately.
How to read this list
- Role — what the sub-processor does for ARX.
- Data categories — what kinds of data may flow to the sub-processor under normal operation.
- Region — where the sub-processor operates the relevant service.
- Basis — the contractual instruments in place. Standard Contractual Clauses (SCCs) are noted where the sub-processor is outside the customer's region.
- Last review — the most recent vendor-risk review or contract renewal.
Infrastructure
| Sub-processor | Role | Data categories | Region | Basis | Last review |
|---|---|---|---|---|---|
| Aptible, Inc. | Hosting infrastructure (containers, databases, network). SOC 2 Type II / HIPAA / ISO 27001. | All customer data at rest. | US (primary), EU (optional per-tenant). | DPA, BAA available, SCCs for EU traffic. | 2026-Q1 |
| Amazon Web Services, Inc. | Underlying cloud (via Aptible). KMS for at-rest keys; S3 for witness-bucket pattern when customer chooses an AWS bucket. | All customer data at rest. | US, EU. | AWS DPA + SCCs as applicable. | 2026-Q1 |
| Cloudflare, Inc. | CDN, edge network, DDoS protection. | Request metadata; transient body content not stored. | Global. | DPA + SCCs. | 2026-Q1 |
Foundation-model vendors (first-party LLM features only)
These vendors process prompt content only when the customer's agent uses ARX's first-party LLM router (arxsec-api/app/llm/). They do not have access to ARX-stored customer data.
| Sub-processor | Role | Data categories | Region | Basis | Zero-retention | Last review |
|---|---|---|---|---|---|---|
| Anthropic, PBC | LLM provider (Claude family). Used by the LLM router as a configurable provider. | Prompt content and completions for the duration of the request. | US. | Anthropic Commercial Terms + DPA + SCCs for non-US tenants. | In progress — see DPIA §6 R-1. | 2026-Q2 (in flight) |
| OpenAI, OpenAI L.L.C. | LLM provider (GPT family). Used by the LLM router as a configurable provider. | Prompt content and completions for the duration of the request. | US. | OpenAI Business Terms + DPA + SCCs for non-US tenants. | In progress — store=false flag passed; written zero-retention agreement pending. | 2026-Q2 (in flight) |
Customers who require a single foundation-model vendor (rather than the full failover chain) can configure their per-org provider order to a single entry. See LLM router system card "Failover may widen the data-handling commitment" for the rationale.
Operational SaaS
| Sub-processor | Role | Data categories | Region | Basis | Last review |
|---|---|---|---|---|---|
| Datadog, Inc. | Observability — metrics, traces, logs (operational telemetry only; no customer prompt content). | Operational telemetry, error reporting. | US, EU. | DPA + SCCs. | 2026-Q1 |
| Sentry (Functional Software, Inc.) | Error reporting. | Stack traces, exception messages; PII filters configured. | US. | DPA + SCCs. | 2026-Q1 |
| PagerDuty, Inc. | On-call paging. | Engineer contact information; incident summaries. | US. | DPA. | 2026-Q1 |
| Auth0 (Okta, Inc.) | Customer SSO / SAML / OIDC. | Authentication metadata, user identity claims. | US, EU. | DPA + SCCs. | 2026-Q1 |
| Supabase, Inc. | Database / auth backend (where used). | User authentication data; per-tenant data subject to RLS. | US, EU. | DPA + SCCs. | 2026-Q1 |
Customer-controlled relationships (not ARX subprocessors)
The services below are sometimes assumed to be ARX subprocessors but are actually direct relationships the customer holds:
- MCP server LLM clients (Claude Desktop, Cursor, Goose, etc.). The customer installs these; the LLM relationship is theirs, not ARX's. The MCP server (arx-mcp-server/) is a passthrough; it does not contact a foundation-model vendor itself. See MCP server system card.
- Customer-side connector targets (CrowdStrike, Splunk, Wiz, ServiceNow, Okta, etc.). These are the systems the customer's agent calls into via ARX connectors — they are the customer's data systems, not ARX subprocessors.
Removed subprocessors
| Sub-processor | Removed | Reason |
|---|---|---|
| (none yet) | — | — |
Change log
| Date | Change | Notification status |
|---|---|---|
| 2026-04-27 | Initial publication. Anthropic and OpenAI added explicitly as foundation-model subprocessors used by first-party LLM features. | First publication; no incremental notification required. |
How to receive change notifications
- Customers with an active subscription are notified automatically via the contact on file in the customer admin console.
- Public-list watchers can subscribe at the Trust Center (link forthcoming) to receive RSS or email updates.