Legal · CAO Studio
Subprocessors / LLM Providers
Last updated: 2026-05-23
This page lists the subprocessors CAO Studio currently uses, including the hosting provider and the LLM provider that powers CAO Brain. CAO Studio names providers here, and only here, so procurement and data-protection officers can find the provider-specific detail in one place — and so the rest of CAO Studio's public copy stays provider-neutral.
For the broader story of which deployment uses which data flow, see the Deployment Models page. To request a Data Processing Addendum, see the DPA overview.
Subprocessors in use
| Provider | Service purpose | Data processed | Processing location | Retention / logging | Transfer mechanism | Applies to SaaS | Applies to client-server | Notes |
|---|---|---|---|---|---|---|---|---|
| Railway | Application hosting for the SaaS deployment and the central CAO Server | Application code; operational logs; license records on the CAO Server | EU (Frankfurt region) | Operational logs 30 days; no customer content stored | EU only | Yes | Yes | Hosts the central CAO Server in both deployment modes. Customer workshop content lives on the consultant's installation in the client-server mode; only license validation reaches the CAO Server. |
| Google Cloud (GCP) | Underlying IaaS provider used by Railway for EU compute (Frankfurt region) | Indirect — the same application data Railway processes; GCP provides the virtual-machine and storage substrate Railway operates on | europe-west3 (Frankfurt, Germany) | No independent retention beyond what Railway operates; GCP does not access CAO Studio data directly | EU only | Yes | Yes | Subprocessor of Railway (named above), disclosed here per GDPR Art. 28(2) transparency. No direct contractual relationship between CAO Studio and Google; Railway's DPA covers the chain. Region pinned to europe-west3 (Frankfurt) per Railway's EU service deployment. |
| OpenAI | LLM provider for CAO Brain (summaries, analysis, recommendations, reports) | Prompt + completion text only. No fine-tuning data, no Assistants threads, no file uploads. | OpenAI Ireland Ltd., Dublin, Ireland | EU data residency + Zero-Data-Retention (ZDR) addendum requested 2026-06-01; pending OpenAI countersignature. Until ZDR is confirmed, OpenAI's default 30-day abuse-monitoring retention of API request and response payloads applies. No use of inputs for model training (API-traffic default-off since 2023-03). | EU data residency on eligible endpoints requested; pending OpenAI confirmation | Yes | Yes | Called via the CAO Server in both deployment modes. The CAO Server processes each AI request transiently; the consultant's installation never holds an OpenAI API key. EU residency + ZDR upgrade requested 2026-06-01 — see Backlog Feature 29.2 for the pending-artifacts list. |
| Resend | Transactional email (welcome, password reset, license issuance, plan expiry notices) | Recipient email address + name; transactional message body (one-time tokens, license keys, account-lifecycle events). No marketing email. No access to customer workshop content. | Resend Inc., Delaware, United States | Send-log retained at the provider per its standard retention; no copy of customer workshop content is sent | Standard Contractual Clauses (Module 2: Controller-to-Processor); EU-US Data Privacy Framework where the provider self-certifies | Yes | No | Used only for service-administrative messages from the SaaS backend and the central CAO Server. The consultant's installation does not send transactional email in the client-server deployment. |
We will update this page before onboarding a new subprocessor that processes customer-related data on CAO Studio's behalf. The Data Processing Addendum (see DPA overview) carries the contractual cross-reference.
Questions about a specific subprocessor? Email info@creatingagileorganizations.com.