Third-Party Service Providers
Last Updated: January 20, 2026
Version: 2.0 | Total Providers: 172
This page lists all third-party service providers ("sub-processors") that Sigma5C uses to deliver our Services. This disclosure is provided in accordance with GDPR Article 28 requirements for sub-processor transparency.
Data Protection: All listed providers are contractually obligated to protect your data. Where applicable, we have executed Data Processing Agreements (DPAs) with these providers. We do not use your data for AI model training.
172
Total Providers
112
AI/LLM Providers
60
GPU/Infrastructure
135
GDPR Compliant
95
DPA Available
70
SOC 2 Certified
1. Critical Service Providers (Tier 1)
Direct contractual relationships with Sigma5C for core service delivery.
| Provider | Purpose | Privacy | Terms | DPA | GDPR | Certs | HQ |
|---|---|---|---|---|---|---|---|
| OpenRouter | AI Model Routing (100+ models) | Link | Link | Enterprise | Yes | - | US |
| Stripe | Payment Processing | Link | Link | Link | Yes | SOC 2, PCI DSS, ISO 27001 | US |
| Brevo | Email Marketing & CRM | Link | Link | Link | Yes | SOC 2, ISO 27001 | EU |
| Microsoft 365 | Email & Productivity | Link | Link | Link | Yes | SOC 2, ISO 27001, HIPAA, FedRAMP | US |
2. Major AI Model Providers (Tier 2)
Primary AI model providers accessed through OpenRouter or direct API integrations.
| Provider | Privacy | Terms | DPA | GDPR | Training | Certs | HQ |
|---|---|---|---|---|---|---|---|
| OpenAI | Link | Link | Link | Yes | Opt-out | SOC 2 | US |
| Anthropic | Link | Link | Link | Yes | No-train | SOC 2 | US |
| Google AI / Gemini | Link | Link | Link | Yes | Opt-out | SOC 2, ISO 27001, HIPAA, FedRAMP | US |
| Mistral AI | Link | Link | Link | Yes | No-train | HDS | EU |
| Cohere | Link | Link | Link | Yes | No-train | SOC 2, ISO 27001 | CA |
| Meta / Llama | Link | Link | N/A (Open) | Yes | N/A | SOC 2 | US |
| AWS Bedrock | Link | Link | Link | Yes | No-train | SOC 2, ISO 27001, HIPAA, FedRAMP | US |
| Azure OpenAI | Link | Link | Link | Yes | No-train | SOC 2, ISO 27001, HIPAA, FedRAMP | US |
| Groq | Link | Link | Enterprise | Yes | No-train | SOC 2 | US |
| Together AI | Link | Link | Link | Yes | No-train | SOC 2 | US |
| Fireworks AI | Link | Link | Link | Yes | No-train | SOC 2 | US |
| Replicate | Link | Link | Link | Yes | No-train | SOC 2 | US |
| SambaNova | Link | Link | Enterprise | Yes | No-train | SOC 2 | US |
| AI21 Labs | Link | Link | Link | Yes | Opt-out | SOC 2, ISO 27001 | IL |
| Perplexity AI | Link | Link | Link | Yes | Opt-out | SOC 2 | US |
3. Additional AI Providers (Tier 3)
Additional AI providers accessed via OpenRouter or specialized integrations.
3.1 Enterprise-Ready Providers
| Provider | Privacy | Terms | DPA | GDPR | Training | HQ |
|---|---|---|---|---|---|---|
| IBM Granite | Link | Link | Link | Yes | No-train | US |
| NVIDIA NIM | Link | Link | Link | Yes | No-train | US |
| Cloudflare Workers AI | Link | Link | Link | Yes | No-train | US |
| DeepInfra | Link | Link | Link | Yes | No-train | US |
| FriendliAI | Link | Link | Link | Yes | No-train | KR |
| Nebius | Link | Link | Link | Yes | No-train | EU |
| Black Forest Labs | Link | Link | Enterprise | Yes | No-train | EU |
3.2 Standard Compliance Providers
| Provider | Privacy | Terms | DPA | GDPR | Training | HQ |
|---|---|---|---|---|---|---|
| Cerebras | Link | Link | Enterprise | Partial | No-train | US |
| Liquid AI | Link | Link | Enterprise | Partial | Varies | US |
| Hyperbolic | Link | Link | Enterprise | Partial | Varies | US |
| EleutherAI | Link | Open Source | N/A | N/A | Open | US |
| Nous Research | Link | Link | Enterprise | Partial | Open | US |
| Prime Intellect | Link | Link | Enterprise | Partial | Open | US |
| Venice AI | Link | Link | Enterprise | Partial | No-train | US |
| Mancer | Link | Link | Enterprise | Unknown | No-train | US |
| Phala Network | Link | Link | Enterprise | Partial | TEE | SG |
3.3 Chinese Providers (Evaluate Carefully)
Notice: Chinese providers are subject to Chinese data protection laws (PIPL) and may have data localization requirements. Enterprise users should evaluate carefully before use.
| Provider | Privacy | Terms | DPA | GDPR | Training | HQ |
|---|---|---|---|---|---|---|
| DeepSeek | Link | Link | No | Unknown | May-train | CN |
| xAI / Grok | Link | Link | No | Unknown | May-train | US |
| Alibaba Qwen | Link | Link | Link | Yes | Opt-out | CN |
| Baidu / ERNIE | Link | Link | No | Unknown | May-train | CN |
| MiniMax | Link | Link | No | Partial | May-train | CN |
| Moonshot AI / Kimi | Link | Link | No | No | May-train | CN |
| StepFun AI | Link | Link | No | No | May-train | CN |
| SiliconFlow | Link | Link | No | No | Unknown | CN |
| Tencent / Hunyuan | Link | Link | Enterprise | Partial | May-train | CN |
| Inflection AI | Link | Link | No | Yes | May-train | US |
4. GPU Infrastructure Providers
Cloud computing and GPU infrastructure providers used for AI model inference.
4.1 Major Cloud Providers
| Provider | Privacy | Terms | DPA | GDPR | SOC 2 | ISO 27001 | HQ |
|---|---|---|---|---|---|---|---|
| Amazon AWS | Link | Link | Link | Yes | Yes | Yes | US |
| Microsoft Azure | Link | Link | Link | Yes | Yes | Yes | US |
| Google Cloud | Link | Link | Link | Yes | Yes | Yes | US |
| Oracle Cloud | Link | Link | Link | Yes | Yes | Yes | US |
| IBM Cloud | Link | Link | Link | Yes | Yes | Yes | US |
| OVHcloud | Link | Link | Link | Yes | Yes | Yes | EU |
| DigitalOcean | Link | Link | Link | Yes | Yes | Yes | US |
| Linode (Akamai) | Link | Link | Link | Yes | Yes | Yes | US |
4.2 Specialized GPU Providers
| Provider | Privacy | Terms | DPA | GDPR | SOC 2 | HQ |
|---|---|---|---|---|---|---|
| CoreWeave | Link | Link | Link | Yes | Yes | US |
| Lambda Labs | Link | Link | Link | Yes | Yes | US |
| Paperspace | Link | Link | Link | Yes | Yes | US |
| RunPod | Link | Link | Enterprise | Yes | Pending | US |
| Hetzner | Link | Link | Link | Yes | Yes | EU |
| Scaleway | Link | Link | Link | Yes | Yes | EU |
| Anyscale | Link | Link | Link | Yes | Yes | US |
| Baseten | Link | Link | Link | Yes | Yes | US |
| Modal | Link | Link | Link | Yes | Yes | US |
| Vast.ai | Link | Link | Enterprise | Partial | No | US |
| TensorDock | Link | Link | Enterprise | Partial | No | US |
| Salad Cloud | Link | Link | Enterprise | Partial | No | US |
5. Data Processing Locations
| Region | Providers | Data Protection |
|---|---|---|
| United States | ~115 providers | DPF certified, Standard Contractual Clauses |
| European Union | ~20 providers | GDPR native compliance |
| China | ~17 providers | PIPL, data localization may apply |
| Canada | ~5 providers | PIPEDA, adequacy decision |
| United Kingdom | ~5 providers | UK GDPR, adequacy decision |
| Other | ~10 providers | Standard Contractual Clauses |
6. Your Rights
You have the right to:
- Request information about which sub-processors process your data
- Object to the use of specific sub-processors (where legally permitted)
- Request we notify you of changes to this list
- Request deletion of your data from our systems and sub-processors
To exercise these rights, contact us at info@sigma5c.com.
7. Changes to This List
We update this list when we add or remove sub-processors. Material changes will be communicated to customers with active subscriptions at least 30 days in advance.
Subscribe to Updates: Enterprise customers can subscribe to sub-processor change notifications via their account dashboard or by contacting info@sigma5c.com.