Skip to main content
Solvgent
Legal
Last updated · 2026-05-19

Sub-processors

Solvgent (itligt) engages the third-party processors listed below to deliver the service. We chose each one for a specific data-handling reason — region, contractual posture, scope of access — and each is bound by a Data Processing Agreement plus the EU Standard Contractual Clauses or the EU–US Data Privacy Framework. Customer-facing data stays in the EU wherever practical. When the list changes, this page updates within 30 days; customers on Agency Pro and above receive direct notice.

Cloudflare, Inc.

USA

Edge delivery, DDoS protection, and DNS — no customer-data inspection beyond standard request logging, and Workers traffic terminates close to the EU user.

Purpose
CDN, DNS, security services
Region
USA (EU processing available)
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
Request IPs (logged ≤24h for DDoS attribution), TLS termination metadata; no payload caching of authenticated routes.

Neon, Inc.

EU data center

Managed Postgres with EU data residency, branching for safe migration testing, and point-in-time recovery for restore drills.

Purpose
Database hosting
Region
EU data center
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
All application data at rest: account identifiers, organization metadata, brand assets, AI generation logs, billing state, audit log.

Hetzner Online GmbH

Germany

EU-controlled physical hosting in Germany — chosen specifically because no customer data is transferred to non-EU jurisdictions in normal operation.

Purpose
Infrastructure hosting
Region
Germany
Transfer mechanism
EU controller — no third-country transfer
Data categories (GDPR Art. 28(3)(a))
Encrypted application data in transit and at rest on EU-hosted compute and storage volumes.

Anthropic, PBC

United States

Primary AI inference for Brand Brain learning, operating under enterprise terms that prohibit training foundation models on Solvgent customer prompts or generated content.

Purpose
AI content generation
Region
United States
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
User-submitted prompts plus brand context (voice, audience, do/don't rules) and the resulting drafts. Not used to train foundation models per contractual commitment.

Stripe, Inc.

USA

Subscription billing, invoicing, and tax handling — payment card data never touches Solvgent infrastructure; tokenization is enforced at the form layer.

Purpose
Payment processing
Region
USA (EU branch available)
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
Customer identifiers, billing address, payment tokens, invoice line items. Card PANs never reach Solvgent infrastructure — tokenization happens in the browser.

Resend, Inc.

United States

Transactional email (verification, notifications, billing) — DKIM, SPF, and DMARC enforced; no marketing email is dispatched without explicit opt-in.

Purpose
Email delivery
Region
United States
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
Recipient email address, message subject, message body, delivery state (sent/bounced/complained). Headers signed with DKIM at the SES upstream.

Functional Software, Inc. (Sentry)

United States

Application error and exception monitoring — PII scrubbing is applied at the SDK layer; only stack traces and request identifiers reach the upstream service.

Purpose
Error monitoring
Region
United States
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
Error stacks, request identifiers, runtime metadata. Auth headers, cookies, Stripe signatures, and password fields are scrubbed at the SDK layer before transmission.

OpenAI, L.L.C.

United States

Used as a fallback model and for specialized completion tasks. Operating under enterprise terms that prohibit training foundation models on Solvgent customer prompts or generated content.

Purpose
Secondary AI inference (fallback / specialized models)
Region
United States
Transfer mechanism
EU–US Data Privacy Framework + SCCs
Data categories (GDPR Art. 28(3)(a))
User-submitted prompts and the resulting completions, used only on fallback paths when the primary model is unavailable. Not used to train foundation models per contractual commitment.

PostHog Inc.

Germany

Aggregate product-usage analytics on the EU-hosted PostHog Cloud instance in Frankfurt. Cookieless mode; no PII forwarded.

Purpose
Product analytics
Region
Germany (EU instance)
Transfer mechanism
EU controller — no third-country transfer
Data categories (GDPR Art. 28(3)(a))
Event identifiers, page paths, anonymized user IDs, viewport size. No email addresses or other PII. Cookieless mode.

Notification of changes: Solvgent publishes proposed additions to the sub-processor list on this page at least 14 days before they take effect. Customers on the Business, Agency Pro, and Enterprise plans may object in writing to privacy [at] solvgent [dot] com within that window, in which case Solvgent will either offer a workable alternative or grant the customer a pro-rated exit.

Scope of processing: Each sub-processor is engaged only for the purpose listed above and acts on documented instructions from Solvgent. Upstream AI providers are bound by their enterprise terms not to train foundation models on customer prompts or generated content.

Questions: For a full Data Processing Agreement, SCCs, or any sub-processor question, contact privacy [at] solvgent [dot] com .

Get notified when this list changes

Compliance officers and IT reviewers can subscribe via email. We send a single message per change, no marketing.

Subscribe →