Skip to content
RegSpace

Last updated: 21 April 2026

Sub-processors

Template under legal review. This document is a working draft and has not yet been reviewed by qualified counsel. It must not be published externally without review and should not be relied upon as legal advice.

RegSpace engages the following sub-processors to provide the Service. We give at least 30 days’ notice before onboarding a new sub-processor or materially expanding the scope of an existing one. You can subscribe to change notices by emailing privacy@regspace.ai.

Sub-processorPurposeDataLocation
Google Cloud PlatformPrimary cloud infrastructure: Cloud Run, AlloyDB, GCS, Cloud KMS, Pub/Sub, Cloud SchedulerAll tenant data; encrypted at rest with per-tenant CMEKeurope-west2 (UK/EU tenants); us-central1 (US tenants)
Google — Vertex AI (Gemini)LLM inference for classification, memo drafting, and extractionRequest payloads (prompts + retrieved snippets); no training on client dataPinned to tenant residency region
Anthropic — via Vertex AI Model GardenSecond-opinion LLM inference for Reviewer agentRequest payloads; zero-retention enterprise endpointPinned to tenant residency region
Langfuse (self-hosted)Observability for agent tracesMetadata, tokens, latencies; payloads hashedSame region as tenant
Firebase AuthAuthenticationAccount metadata (email, display name, provider)Google global (metadata only)
Postmark (or SendGrid)Transactional email (weekly digests, account notifications)Recipient email and message contentUS / EU (provider default)
CloudflareDNS and DDoS protectionRequest metadata (IP, user agent)Global edge

Review cadence

Sub-processors are re-assessed at least annually against their SOC 2, ISO 27001, or equivalent attestations. Where an attestation is not available, RegSpace conducts its own risk assessment and records the outcome in our internal vendor register.