Trust and Transparency
Authorized Sub-processors
Effective Date: May 15, 2026 — Last Updated: May 15, 2026
Overview
DEVUP AI utilizes a select number of industry-standard infrastructure partners ("sub-processors") to deliver the Platform securely and reliably. Each sub-processor is contractually bound by a Data Processing Agreement (DPA) that governs data access, retention, and security obligations in accordance with Algerian Law 18-07 on the protection of personal data.
This page provides a transparent disclosure of the sub-processors currently authorized to process data on behalf of DEVUP AI. For questions about our sub-processor practices, contact us at support@devupai.com.
Authorized Sub-processor List
| Sub-processor | Purpose | Data Processed | Data Center Region | Retention Policy |
|---|---|---|---|---|
| Supabase | Database hosting, user authentication, and session management | Account data (email, hashed credentials), billing records, API usage metadata (timestamps, token counts, costs). Does NOT include inference content (prompts/completions). | United States (US East) | As defined in our Privacy Policy — account data retained for account lifetime + 30 days; billing records retained for 10 years per Algerian tax law. |
| Vercel | Frontend hosting, edge functions, and API gateway routing | Technical data (IP address, request headers, browser metadata) for edge routing and serverless function execution. Does NOT include inference content. | Global Edge Network | Transient — request-level data is processed in real-time for routing and not persisted beyond standard serverless execution logs. |
| Tier-1 Cloud GPU Infrastructure (Nebius, RunPod, Lambda Labs) | Ephemeral AI model inference and compute. We leverage a distributed network of leading global compute providers to execute AI inference workloads. Our infrastructure network includes, but is not limited to, Nebius, RunPod, and Lambda Labs. | Inference payloads (prompts and completions) transmitted securely for immediate processing. Held strictly in volatile memory (RAM/VRAM). | International (distributed across provider regions) | Zero persistent storage. Payloads are transmitted for immediate processing, held strictly in volatile memory (RAM), and instantly purged. None of these sub-processors are permitted to store customer inference data or use it for model training. |
Infrastructure Compliance & Certifications
| Partner | Infrastructure Role | Data Processing Limits | Certifications |
|---|---|---|---|
 | Ephemeral AI Compute | Volatile memory only. Instant purge. No training. | SOC 2 Type IIISO 27001GDPR |
 | Ephemeral AI Compute | Volatile memory only. Instant purge. No training. | SOC 2 Type IIISO 27001GDPR |
 | Ephemeral AI Compute | Volatile memory only. Instant purge. No training. | SOC 2 Type IIISO 27001GDPR |
 | Database & Authentication | Account & billing data only. No inference content. | SOC 2 Type IIISO 27001GDPR |
 | Frontend Hosting & Edge Routing | Transient routing metadata. No persistent inference logs. | SOC 2 Type IIISO 27001GDPR |
The compliance certifications listed above are maintained independently by our respective Tier-1 infrastructure sub-processors. DEVUP AI leverages these highly secure environments to ensure professional data protection.
Data Processing Safeguards
All authorized sub-processors are subject to the following requirements:
- Contractual Obligations: Each sub-processor is bound by a Data Processing Agreement (DPA) that restricts data usage to the specific purposes outlined in this document.
- Encryption: All data transmitted to and from sub-processors is encrypted using TLS 1.3.
- Access Control: DEVUP AI maintains exclusive application-layer control over all workloads running on sub-processor infrastructure. Administrative access to inference environments is restricted to authorized DEVUP AI personnel only.
- No Training Use: No sub-processor is authorized to use any DEVUP AI user data for model training, analytics aggregation, or any purpose beyond the specific service they provide.
- Compliance:Sub-processor selection and management is conducted in accordance with the international data transfer requirements of Articles 44–45 of Algerian Law 18-07.
Changes to This List
DEVUP AI reserves the right to update this sub-processor list as infrastructure needs evolve. Material changes (such as adding a new category of sub-processor or changing the data center region for persistent data) will be reflected on this page with an updated "Last Updated" date. We encourage users to review this page periodically.
Contact
For questions regarding our sub-processor practices or to request a copy of any applicable Data Processing Agreement, please contact:
- Email: support@devupai.com
For related legal documents, see our Terms of Service and Privacy Policy.