Where your data lives and who else touches it
A public, up-to-date list of every external provider that processes personal data to deliver the Vashist service. Each subprocessor operates under a GDPR-compliant data-processing agreement (DPA).
To deliver the Vashist service, we contract with the following subprocessors. Each one operates under a GDPR-compliant data-processing agreement (DPA). Transfers outside the EEA are protected by the European Commission's Standard Contractual Clauses (SCCs).
| Provider | Purpose | Data processed | Region |
|---|---|---|---|
| Hostinger | Application hosting (VPS) and database. | All account and application data. | EU (Lithuania / Netherlands) |
| Stripe | Payment processing and subscription management. | Email, billing name, last 4 digits of card, transaction history. | EU / US (SCCs) |
| Resend | Transactional email (verification, password reset, notifications). | Email address and message content. | US (SCCs) |
| OpenRouter | Routing requests to AI models. | AI conversation messages (without direct personal identifiers where possible). | US (SCCs) |
| Anthropic (Claude) | Language model for AI chat, embeddings, and gurus. | Messages sent to chat. Anthropic does not train its models on API data. | US (SCCs) |
| OpenAI (GPT) | Alternative language model and embeddings. | Messages sent to chat. OpenAI does not train its models on API data. | US (SCCs) |
| Google (Gemini, OAuth, Calendar) | Alternative model, OAuth login (optional), calendar sync (optional). | Only if you enable OAuth/Calendar: Google name, email, calendar events created by Vashist. | US (SCCs) |
| Mem0 | AI chat persistent memory (PRO users only, when the feature is enabled). | Contextual summaries derived from your conversations (dosha, preferences, topic history). | US (SCCs) |
| Langfuse | Observability and AI response quality (latency, cost, error flagging). | AI call metadata and prompt/response samples. | EU (Germany) — self-hosted where applicable |
This list may change as the infrastructure evolves. We will notify you of material changes 30 days in advance.
Related documents
For the full picture of how we handle your data — lawful bases, retention periods, GDPR rights — see the Privacy Policy. For details on how AI models are used and what memories the system stores, see the AI Transparency page.