Sub-processors
TokenOne® uses the following third parties to deliver its service. Each is contractually bound by a Data Processing Agreement that meets the GDPR Article 28 standard. Changes to this list are notified at least 30 days in advance via email for subscribed customers.
| Sub-processor | Purpose | Region | DPA |
|---|---|---|---|
| Amazon Web Services (AWS) | Compute + storage infrastructure All customer data at rest; encrypted via KMS + AES-256-GCM. | EU (Frankfurt, Ireland), US (us-east-1) | View DPA |
| Stripe, Inc. | Payment processing + tax calculation Billing contact info, card fingerprints (no full card numbers stored by us). | US, EU | View DPA |
| Anthropic PBC | LLM inference (Claude models) via RouteOne Prompts routed to Anthropic via TokenOne® partner account when quality tier requires. | US | View DPA |
| OpenAI, LLC | LLM inference (GPT-family) via RouteOne Prompts routed to OpenAI when quality tier requires. | US | View DPA |
| Google (Vertex AI + Gemini) | LLM inference (Gemini family) via RouteOne Prompts routed to Gemini when requested or when quality tier requires. | US, EU, APAC | View DPA |
| OpenRouter (Metaprise Labs) | Fan-out LLM gateway for price-optimised routing Used as a secondary route inside TokenOne’s optimisation protocols. | US | View DPA |
| Fireworks AI | Open-source model inference (Llama / DeepSeek / Qwen) via RouteOne OSS-first routing for general chat, summarisation, classification. | US | View DPA |
| Together AI | Redundant OSS model host Secondary OSS provider when Fireworks is degraded. | US | View DPA |
| SendGrid (Twilio) | Transactional email (receipts, password resets, invitations) Email addresses only; no message content stored beyond retention window. | US | View DPA |
| Lakera Guard | Prompt-injection detection on inbound proxy traffic Prompt text scanned at proxy layer when Lakera guard is enabled. | EU (Switzerland) | View DPA |
| Redis Cloud (Redis Ltd.) | Session cache + idempotency store + BullMQ queue Short-lived cache entries; automatically evicted after TTL. | EU (AWS eu-west-1) | View DPA |
Last updated: 2026-05-25. For objections to a specific sub-processor, email legal@tokenone.io · we'll route around or help you exit per Article 28(2) GDPR.