Sub-Processor List
Last Updated: May 4, 2026
Last Updated: May 4, 2026
This page lists every third-party organization that processes personal information on behalf of Rideau AI. We update this page whenever we add, remove, or change a processor.
For details on what data each processor receives and where it goes, see our Data-Flow Matrix.
AI Model Providers
These processors receive your conversation content (Input and Output) for AI processing. When PII Shield is enabled, personal information is stripped from your messages before they are sent.
| Provider | Purpose | Location | Training on Your Data? | Safety Retention | No-Training Basis |
|---|---|---|---|---|---|
| Anthropic (Anthropic, PBC) | AI model inference (Claude models) | United States / EU | No | Per DPA (safety monitoring) | Contractual: Commercial Terms §B prohibits training on customer content |
| OpenAI (OpenAI, LLC) | AI model inference (GPT models) | United States and other regions where Azure/OpenAI maintain capacity | No | Up to 30 days | API default: training disabled on all endpoints; account verified OFF |
| Google (Google LLC) | AI model inference (Gemini models) | United States and other regions where Google maintains facilities | No | "Limited period" | Paid API terms: "doesn't use your prompts...to improve our products" |
| Cohere (Cohere Inc.) | AI model inference (Command models) | United States | No | Up to 30 days | Dashboard training opt-out toggled OFF; Enterprise Data Commitments |
Private inference models run on infrastructure controlled by Rideau AI in Canada. They are not sub-processors because your data never leaves our infrastructure.
Service Providers
| Provider | Purpose | Data Received | Location | Privacy Policy |
|---|---|---|---|---|
| Microsoft Azure (Microsoft Corporation) | Cloud infrastructure: hosting, database, key management, file processing | All user data (encrypted at rest via ALE); uploaded documents for text extraction (private endpoint, Canada only) | Canada | Microsoft Privacy Statement |
| Stripe (Stripe, Inc. / Stripe Payments Canada, Ltd.) | Payment processing | Tokenized card data (collected directly by Stripe, never touches our servers), customer ID, subscription events | United States | Stripe Privacy Policy |
| Postmark (AC PM LLC / ActiveCampaign, LLC) | Transactional email delivery (magic links, welcome emails, renewal reminders) | Email address, authentication tokens (single-use, 15-minute expiry) | United States | Postmark Privacy Policy |
| Tavily (AlphaAI Technologies Inc.) | Web search | Search query text and country code (AI-generated; no user identifiers) | United States | Tavily Privacy Policy |
What We Do NOT Use
For the avoidance of doubt, we do not use any of the following:
- Third-party analytics services (no Google Analytics, Mixpanel, Amplitude, PostHog, etc.)
- Advertising networks, retargeting services, or tracking pixels within the Service
- Third-party CAPTCHA services (we use our own Proof-of-Work system)
- Third-party fonts, icons, or CDNs that could track you
- Social media integrations or social login buttons that share data with third parties
- Data brokers, enrichment services, or data resellers
Changes to This List
We will update this page whenever we add, remove, or materially change a sub-processor. If you would like to be notified of changes, contact privacy@rideau.ai.
| Date | Change |
|---|---|
| 2026-04-01 | Initial list published |
For questions about any of our sub-processors, contact our Privacy Officer at privacy@rideau.ai.