Subprocessors
This page lists every third-party service that processes personal data on ATO’s behalf in order for us to deliver the Service. It is published and maintained per GDPR Art.28 and LGPD Art.39 transparency expectations.
For each entry below we identify the subprocessor, the purpose, the categories of personal data shared, the processing location, and the relevant Data Processing Agreement (DPA) or equivalent contract.
If you want to be notified of changes to this list before they take effect, subscribe at will@nigri.io with subject “Subprocessor notifications.” We aim to give at least 30 days’ advance notice of additions affecting EU/EEA/UK or Brazilian users.
1. Active subprocessors
Infrastructure
| Subprocessor | Purpose | Data shared | Location | DPA |
|---|---|---|---|---|
| Railway Corp. | Application hosting (compute, PostgreSQL, object storage) for the ato-cloud backend | All server-side personal data: email, name, password hash, session metadata, traces synced from desktop | United States primary | Link |
Communications
| Subprocessor | Purpose | Data shared | Location | DPA |
|---|---|---|---|---|
| Transactional email provider (to be finalized; expected: Postmark or SendGrid) | Email verification, password reset, security alerts, account notifications, DSR responses | Email address, name, message contents | United States or EU (per chosen vendor) | TBD on selection |
LLM providers (BYOK pass-through)
When you dispatch prompts via ATO to one of these providers using your own API key or your own CLI subscription, ATO acts as a transient pass-through. You are the controller of the data sent; the provider is your processor under their own DPA and terms. ATO does not store the prompt or response content on our servers unless you separately enable trace sync.
| Provider | Typical role | DPA / Privacy |
|---|---|---|
| Anthropic, PBC (Claude / Claude Code) | Your processor (BYOK / CLI subscription) | Privacy · Commercial terms |
| OpenAI, L.L.C. (GPT / Codex) | Your processor (BYOK / CLI subscription) | Privacy · DPA |
| Google LLC (Gemini / Gemini CLI) | Your processor (BYOK) | DPA |
| MiniMax | Your processor (BYOK) | Privacy |
| xAI (Grok) | Your processor (BYOK) | Privacy |
| DeepSeek | Your processor (BYOK) | Privacy |
| Alibaba Cloud (Qwen via DashScope) | Your processor (BYOK) | Legal |
| OpenRouter | Your processor (BYOK) — multi-provider gateway | Privacy |
If you configure additional LLM providers in ATO that are not listed above, you must confirm directly with that provider that their terms permit your intended use.
2. Sub-subprocessors
Our subprocessors may themselves engage further subprocessors (sub-subprocessors). Where required by their DPA, they maintain their own public subprocessor lists. Notable links:
- Railway sub-subprocessors: see Railway DPA Schedule
- Anthropic / OpenAI / Google: each maintain published subprocessor lists in their trust portals
3. Planned subprocessors (not yet active)
The following are on our roadmap. None are processing user data yet:
- Stripe, Inc. — payment processing, when paid tiers launch. Will collect billing-related personal data (name, billing address, email; PCI data stays at Stripe).
- Sentry, Inc. — error tracking, when we add server-side or client-side error monitoring. EU data residency configured by default for EU users.
- Privacy-friendly website analytics — if we add analytics, current preference is Plausible Analytics OÜ (EU-hosted, cookie-free).
Each of these will be added to the “Active” section above when they begin processing, after at least 30 days’ advance notice to subscribers of the change.
4. How to be notified of changes
Email will@nigri.io with subject “Subprocessor notifications” to receive advance notice of additions or material changes. We will hold this list for as long as you maintain an account or for as long as you remain subscribed.
5. Contact
Questions about a specific subprocessor or about your transfer rights: will@nigri.io.
See also: Privacy Policy · Terms of Service · Cookie Notice · Submit a data request