Subprocessors & AI
Procurement-oriented summary of how EQUIRE sends data for AI inference—the Vercel AI Gateway vs. direct-provider paths, subprocessors at a glance, and where contracts govern specifics.
Workflow behavior — what humans must approve, chat guardrails, and provenance (TrackedValue) — stays on AI Trust and Safety. Use this page for security questionnaires focused on ingress/egress, subprocessors, and retention posture.
Tenant boundaries and ordinary product isolation are summarized on Data isolation.
EQUIRE executes AI workloads primarily through hosted inference endpoints routed by our application configuration. The exact contractual stack — Vercel, Supabase, model vendors, ancillary email or search tooling — attaches to your order form, Master Agreement, and Data Processing Agreements (DPAs) with Agentic Assets. Published marketing copy cannot replace those instruments.
AI Routing Snapshots
Vercel AI Gateway Path
Deployments that supply Gateway credentials send eligible model traffic via the Vercel AI Gateway using EQUIRE-controlled providerOptions. Where that bundle includes zero-retention-aligned Gateway settings (zeroDataRetention in application wiring), procurement teams routinely map this to questionnaire answers about ephemeral Gateway handling — subject to verifying the matching request shapes actually attach the bundle in production telemetry.
Direct Provider Path
Some deployments deliberately talk to Anthropic (and potentially other vendors) without traversing Gateway. Those paths do not inherit the same Gateway option bundle automatically; diligence must reference the effective provider routing stamped for that environment and align answers with Anthropic/supplier contractual terms supplied under NDA.
Auxiliary AI-Related Processing
- Embedding and retrieval workloads may follow different code paths today; parity with conversational traffic is a stated engineering goal. Treat embeddings as explicitly validated items in questionnaires until uniformity is evidenced.
- Document storage referenced by retrieval remains tenant-scoped per Data isolation.
Not Used for Discretionary Model Training
Across standard routes documented for customers, payloads are exchanged for inference — not offered to improve foundation models. Contractual exclusions and SOC reports from vendors underpin precise wording supplied under NDA rather than summarized here verbatim.
Representative Subprocessors
Institutional SaaS footprints evolve; always request the live subprocessor register packaged with onboarding or compliance questionnaires. Typical categories surfaced in diligence decks include:
| Category | Representative vendors referenced internally |
|---|---|
| Hosting & edge runtime | Vercel |
| Database / auth backbone | Supabase |
| Inference (Gateway route) | Vercel AI Gateway bridging to Claude models |
| Inference (direct route) | Anthropic, others per deployment |
Payment processors (Stripe) and ancillary tooling (email delivery, observability vendors) attach to ancillary flows unrelated to conversational AI routing but still merit subprocessor questionnaires.
Vendor certification snapshots, framework mappings, and customer-specific security questionnaire packets are maintained as refreshed customer security packets shared under NDA. Agentic Assets does not claim a certification unless the corresponding completed report or certificate exists.
Contractual Supremacy
If anything on this web page differs from negotiated terms, your executed agreements and vendor DPAs prevail. Procurement teams needing audit-grade artifacts — subprocessors appendix, questionnaires, SOC reports — should engage security@agenticassets.ai.
Related
- AI Trust & Safety — human checkpoints and product narrative for AI-assisted workflows
- Privacy & deletion — account scopes, grace periods, org-owned deals
- Data isolation — org scoping and deliberate sharing mechanics
Last updated on