.png){kind=logo}
01 / control
Security screening
- Infrastructure and data handling review
- Known breach history assessment
- Provider security posture evaluation
last reviewed · March 2026
version · v1.1
law · Nigeria / NDPA 2023
processors · 7
diff available ↓
legal / data subprocessors
Subprocessor ledger.
Every third-party service that may process personal data on behalf of AIDEVELOPIA users, what data each accesses, and why. Under the Nigeria Data Protection Act 2023, we are transparent about all subprocessors and maintain appropriate agreements with each one.
We only engage subprocessors that are necessary for delivering the service. Each provider is given access only to the data required for their specific function. We maintain data processing agreements with every subprocessor and review this list when we add or remove providers.
/01
Active subprocessors.
These providers may process personal data strictly within the scope of their stated purpose. Each operates under a data processing agreement with AIDEVELOPIA.
| subprocessor | purpose | data accessed | location |
|---|---|---|---|
|
Amazon Web Services
Infrastructure
|
Cloud infrastructure and hosting | All data stored on the platform, including uploaded documents and account data | United States |
|
OpenAI
AI processor
|
AI model processing | Query content submitted to the AI assistant (not personal identity data) | United States |
|
Anthropic
AI processor
|
AI model processing | Query content submitted to the AI assistant (not personal identity data) | United States |
|
Groq
AI processor
|
AI model processing | Query content submitted to the AI assistant (not personal identity data) | United States |
|
Stripe
Payments
|
Payment processing and subscription management | Name, email, billing address, payment method details. Card numbers are handled by Stripe directly. | United States |
|
Google Analytics
Analytics
|
Platform usage analytics | Anonymised usage data: pages visited, session duration, device type. No personal identity data. Requires consent. | United States |
|
Resend
Email delivery
|
Transactional email delivery | Email address and email content for service notifications, receipts, and account communications | United States |
All AI model providers (OpenAI, Anthropic, Groq) receive query content via server-side API calls only. They do not receive personal identity data such as names or email addresses, and they do not set cookies in your browser.
/02
Every subprocessor must meet these controls before approval.
We onboard new processors only when all three checks below clear. The list above stays short by design.
02 / control
Data processing agreement
- GDPR-aligned DPA in place before data flows
- Purpose limitation clauses enforced
- Agreement retained for compliance records
03 / control
Restricted data access
- Access limited to what the function requires
- No access to full platform data sets
- Minimum data retention principles applied
/03
Changes to this list and your rights.
We update this list when we add or remove subprocessors. If you are a customer and we add a new subprocessor that will process your personal data in a materially different way, we will notify you in advance where required under the NDPA 2023.
Under the NDPA 2023, you have the right to request information about the subprocessors handling your personal data, and to request deletion or restriction of that data. To exercise these rights, contact us at contact@aidevelopia.com.
/04
Changelog.
subprocessor list update history
last reviewed · March 2026
v1.1
Added "Data accessed" column for transparency. Removed Intercom pending confirmation of active installation. Corrected contact email domain. Updated to NDPA 2023 framing. Removed SOC2 and fabricated governance claims. (March 2026)
v1.0
Initial subprocessors list published. (August 2025)
/05
Ask about how your data is handled.
If you want to know more about any specific subprocessor or how your data is processed, contact us directly.
related legal docs