Legal

Data Subprocessors

Every third-party service that may process personal data on behalf of AIDEVELOPIA users, what data each accesses, and why. Under the Nigeria Data Protection Act 2023, we are transparent about all subprocessors and maintain appropriate agreements with each one.

Last reviewed · March 2026 Subprocessor Questions

Our approach

We only engage subprocessors that are necessary for delivering the service. Each provider is given access only to the data required for their specific function. We maintain data processing agreements with every subprocessor and review this list when we add or remove providers.

Active Subprocessors

These providers may process personal data strictly within the scope of their stated purpose. Each operates under a data processing agreement with AIDEVELOPIA.

Subprocessor Purpose Data accessed Location
Amazon Web Services Cloud infrastructure and hosting All data stored on the platform, including uploaded documents and account data United States
OpenAI AI model processing Query content submitted to the AI assistant (not personal identity data) United States
Anthropic AI model processing Query content submitted to the AI assistant (not personal identity data) United States
Groq AI model processing Query content submitted to the AI assistant (not personal identity data) United States
Stripe Payment processing and subscription management Name, email, billing address, payment method details. Card numbers are handled by Stripe directly. United States
Google Analytics Platform usage analytics Anonymised usage data: pages visited, session duration, device type. No personal identity data. Requires consent. United States
Resend Transactional email delivery Email address and email content for service notifications, receipts, and account communications United States

All AI model providers (OpenAI, Anthropic, Groq) receive query content via server-side API calls only. They do not receive personal identity data such as names or email addresses, and they do not set cookies in your browser.

How we select subprocessors

Every subprocessor must meet these controls before approval.

Security screening

Infrastructure and data handling review Known breach history assessment Provider security posture evaluation

Data processing agreement

GDPR-aligned DPA in place before data flows Purpose limitation clauses enforced Agreement retained for compliance records

Restricted data access

Access limited to what the function requires No access to full platform data sets Minimum data retention principles applied

Your rights

Changes to this list and your rights.

We update this list when we add or remove subprocessors. If you are a customer and we add a new subprocessor that will process your personal data in a materially different way, we will notify you in advance where required under the NDPA 2023.

Under the NDPA 2023, you have the right to request information about the subprocessors handling your personal data, and to request deletion or restriction of that data. To exercise these rights, contact us at contact@aidevelopia.com.

Changelog

Subprocessor list update history

Last reviewed · March 2026
  • v1.1

    Added "Data accessed" column for transparency. Removed Intercom pending confirmation of active installation. Corrected contact email domain. Updated to NDPA 2023 framing. Removed SOC2 and fabricated governance claims. (March 2026)

  • v1.0

    Initial subprocessors list published. (August 2025)

Questions about subprocessors?

Ask about how your data is handled.

If you want to know more about any specific subprocessor or how your data is processed, contact us directly.

Email Us Contact Form
Privacy Policy Compliance Center Cookie Declaration

This site uses cookies to enhance your experience, authenticate users, and analyze usage. Please see our Cookie Policy for more information.

Cookie Policy