This page lists processors under Art. 28 GDPR that may process personal data within VAND. The processors actually used by your workspace depend on the selected data boundary and enabled models.
Local
Your own or on-premises infrastructure only; no cloud inference.
EU
EU/EEA hosting with GDPR-compliant data processing agreements.
Global
Global providers, including providers outside the EEA, only when workspace policy permits them.
Filter:
Hetzner Online GmbHLocal
Hosting of the primary PostgreSQL database, application and object storage
The workspace-wide data boundary under Settings → Privacy determines which processor groups can be used:
Local — only local processors are eligible.
EU — local and EU processors are eligible.
Global — local, EU and global processors are eligible. Global transfers require an appropriate risk assessment and transfer mechanism.
Administrators may apply stricter data boundaries to individual capabilities. Server-side policy checks still run on every model request.
Conversation classification
A conversation can additionally be classified as Restricted. Restricted conversations are never sent to Global processors, even when the workspace data boundary would otherwise allow them.
Requests and Data Processing Agreement
A signature-ready DPA is available on request from legal@vand.ai. We update this overview within 14 days after putting a new sub-processor into operation.