Service Providers
We engage the third-party service providers below to help us deliver the ProxAI platform. We will e-mail all account admins at least 30 days before adding a new sub-processor or changing data-location geography.
| Vendor | Purpose | Data types processed | Primary location | Transfer mechanism |
|---|---|---|---|---|
| Amazon Web Services | Cloud hosting, storage | All service data | USA | SCCs 2021 |
| Vercel | Frontend hosting & edge network | Web app data, traffic metadata | USA | SCCs 2021 |
| Railway | Backend API hosting | Server-side processing, API requests | USA | SCCs 2021 |
| PostgreSQL (via Vercel) | Database storage | User data, API usage metadata | USA | SCCs 2021 |
| Stripe | Payment processing | Billing contact, last-4 card digits | USA | SCCs 2021 |
| Sentry | Error monitoring | IP address, stack traces | USA | SCCs 2021 |
| NextAuth.js | Authentication | Login credentials, session data | USA | SCCs 2021 |
| Github Auth Provider | Social login (optional) | Github profile data | USA | SCCs 2021 |
| Google Auth Provider | Social login (optional) | Google profile data | USA | SCCs 2021 |
| Various AI Providers | AI model access (OpenAI, Claude, etc.) | Query content, API usage metadata | USA | SCCs 2021 |
How to object
Email privacy@proxai.co within the 30-day window. If we cannot accommodate a reasonable objection, you may terminate your account for a prorated refund.
Data Processing Location
All data processing primarily occurs in the United States where our primary infrastructure is hosted. For customers in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs 2021) and implement appropriate supplementary measures to protect international data transfers.
Technical Implementations
Infrastructure Security
Our application architecture is split between Vercel (frontend) and Railway (backend), providing separation of concerns and enhanced security through infrastructure isolation.
Database Encryption
All sensitive data stored in our PostgreSQL database is encrypted at rest using industry-standard encryption methods.
Authentication Security
We implement secure authentication practices through NextAuth.js, with passwords hashed and all communication secured via HTTPS.
API Key Management
Provider API keys are stored with encryption and access is strictly limited to processing your specific requests.
Change log
- 2025-05-08 – Initial publication.