Legal

Sub-processors

Last updated: 16 April 2026

This page lists the third-party sub-processors Matriq uses to deliver the Service. Each is bound by contract to protect Customer Data, process it only on our instructions, and apply industry-standard security controls. We'll give customers advance notice (by email and via this page) before onboarding a new sub-processor so you have a chance to object.

Sub-processor	Purpose	Data accessed	Region
Amazon Web Services	Cloud infrastructure & hosting	All workspace data (encrypted at rest & in transit)	US-East (us-east-1)
Anthropic	LLM inference (zero-retention API)	Schema metadata & natural-language prompts only	United States
OpenAI	LLM inference (zero-retention API, optional)	Schema metadata & natural-language prompts only	United States
Stripe	Billing & payment processing	Billing contact information only	United States
Postmark	Transactional email	Email addresses & notification content	United States
Cloudflare	CDN, DDoS protection, WAF	HTTP request metadata	Global edge
Netlify	Marketing website hosting	HTTP request metadata, form submissions	Global edge
Calendly	Meeting scheduling	Name, email, selected time for booked meetings	United States

How we vet sub-processors

We only use sub-processors when their role is necessary to provide the Service.
Each sub-processor is contractually bound to apply security controls at least as protective as ours and to use data only on our instructions.
LLM providers are used on zero-retention API tiers: customer prompts are not logged, cached, or used to train models.
We review this list at least annually and whenever we change the architecture materially.

Notice of changes

We'll publish an update on this page before adding a new sub-processor. If you're a paying customer (once paid tiers launch) and would like email notifications of changes, email security@matriq.ai to subscribe.

Questions about any vendor on this list? Email security@matriq.ai.