Legal · transparency
Sub-processors
Last updated · 29 April 2026MLtitude uses a small set of sub-processors to deliver the Service. Each operates under a written data-protection agreement and is reviewed before onboarding and annually thereafter. We commit to giving customers at least 30 days' notice before adding or replacing a sub-processor.
Want to be notified of changes? Email info@edothsoft.com and we'll add you to the notification list. The current list is below.
Infrastructure
| Sub-processor | Purpose | Location | Since |
|---|---|---|---|
| Hetzner Online GmbH | Application, database, and file storage hosting | Germany (EU) | 2025 |
| Cloudflare, Inc. | DNS, edge caching, DDoS protection, TLS termination | Global (EU + US) | 2025 |
Model providers
MLtitude uses third-party model providers to interpret briefs and structure content plans. We send only the minimum data needed to fulfil a request, and our contracts with these providers prohibit the use of customer content for training models, with zero-retention enabled where the provider supports it.
| Sub-processor | Purpose | Location | Since |
|---|---|---|---|
| OpenAI, L.L.C. | Generation of slide and module structure from user briefs (zero-retention) | United States | 2025 |
Operations and support
| Sub-processor | Purpose | Location | Since |
|---|---|---|---|
| Stripe, Inc. | Payment processing for paid plans | United States / EU | 2026 |
| Zoho Corporation | Business email hosting (Zoho Mail) for inbound and transactional messages | India | 2025 |
| Sentry (Functional Software, Inc.) | Error monitoring and application telemetry | European Union region | 2025 |
Internal access
Authorised MLtitude personnel access production systems only as needed to operate, secure, and support the Service. All such access is logged. Where personal data is transferred outside the EEA, transfers are governed by the European Commission's Standard Contractual Clauses (Decision 2021/914), incorporated by reference into our DPA.
What we don't use
- No third-party advertising trackers (Google Ads, Meta Pixel, TikTok Pixel, etc.).
- No data brokers or enrichment vendors.
- No session-replay tools that record customer content.
- No model-training contracts with any model provider.
Questions
If your security team needs additional detail on any of the sub-processors above — contracts, region selection, retention configurations — email info@edothsoft.com.