Sub-processors
The third-party services TeachGen AI uses to deliver its platform.
Current as of
5 May 2026
List version 2.1. This page is contractually referenced by the TeachGen AI Standard Data Processing Addendum (DPA), Appendix B.
What is a sub-processor?
A sub-processor is a third-party service we engage to help us deliver the TeachGen AI platform. Each sub-processor on this list is contractually bound by a Data Processing Agreement that requires them to protect personal data to the same standard we do.
We give customers at least 30 days' notice before adding or replacing a sub-processor. Customers may object to a change in writing within that period; we will then work in good faith to resolve the objection.
Current sub-processors
| Sub-processor | Purpose | Location | Transfer safeguard | Website |
|---|---|---|---|---|
| Microsoft Azure | AI base models for text and image generation (via Azure OpenAI Service), data storage, application hosting, database services, authentication, monitoring, security | UK / EU (EU-West region) | UK/EU regions; Microsoft DPA with SCCs, UK safeguards and DPF commitments for restricted transfers. | azure.microsoft.com |
| Microsoft 365 | Internal productivity services | UK / EU | Microsoft Product Terms/DPA; SCCs and DPF commitments where international transfers occur. | microsoft.com/trust-center |
| Amazon AWS | AI base models, data storage | EU (eu-west-1, Ireland) | EU region processing; AWS DPA with SCCs and UK Addendum for restricted transfers. | aws.amazon.com |
| Google Cloud Platform | AI base models, data storage, authentication, security | EU | Google Cloud DPA incorporates SCCs for EU, UK and Swiss transfer requirements. | cloud.google.com |
| Cloudflare | Content delivery network (CDN), DDoS protection, web security, DNS services | Global edge network | Cloudflare DPA: DPF where applicable; SCCs/UK Addendum for restricted transfers. | cloudflare.com |
| Twilio SendGrid | Marketing and newsletter email | USA (with EU SCCs) | Twilio DPA: DPF, BCRs, SCCs and UK IDTA/Addendum order of precedence. | twilio.com |
| Resend | Transactional email (account, security, notification) | USA (with EU SCCs) | Resend DPA includes EU SCCs and UK Addendum; Resend states DPF/UK Extension certification. | resend.com |
| Stripe | Payment processing | USA / Ireland | Stripe Data Transfers Addendum: DPF first, then EEA SCCs or UK Addendum as applicable. | stripe.com |
| Google Analytics | Website and platform usage analytics | USA (with EU SCCs) | Google Ads/Analytics data protection terms and SCC-based transfer safeguards. | policies.google.com |
Microsoft Azure
- Purpose
- AI base models for text and image generation (via Azure OpenAI Service), data storage, application hosting, database services, authentication, monitoring, security
- Location
- UK / EU (EU-West region)
- Transfer safeguard
- UK/EU regions; Microsoft DPA with SCCs, UK safeguards and DPF commitments for restricted transfers.
- Website
- azure.microsoft.com
Microsoft 365
- Purpose
- Internal productivity services
- Location
- UK / EU
- Transfer safeguard
- Microsoft Product Terms/DPA; SCCs and DPF commitments where international transfers occur.
- Website
- microsoft.com/trust-center
Amazon AWS
- Purpose
- AI base models, data storage
- Location
- EU (eu-west-1, Ireland)
- Transfer safeguard
- EU region processing; AWS DPA with SCCs and UK Addendum for restricted transfers.
- Website
- aws.amazon.com
Google Cloud Platform
- Purpose
- AI base models, data storage, authentication, security
- Location
- EU
- Transfer safeguard
- Google Cloud DPA incorporates SCCs for EU, UK and Swiss transfer requirements.
- Website
- cloud.google.com
Cloudflare
- Purpose
- Content delivery network (CDN), DDoS protection, web security, DNS services
- Location
- Global edge network
- Transfer safeguard
- Cloudflare DPA: DPF where applicable; SCCs/UK Addendum for restricted transfers.
- Website
- cloudflare.com
Twilio SendGrid
- Purpose
- Marketing and newsletter email
- Location
- USA (with EU SCCs)
- Transfer safeguard
- Twilio DPA: DPF, BCRs, SCCs and UK IDTA/Addendum order of precedence.
- Website
- twilio.com
Resend
- Purpose
- Transactional email (account, security, notification)
- Location
- USA (with EU SCCs)
- Transfer safeguard
- Resend DPA includes EU SCCs and UK Addendum; Resend states DPF/UK Extension certification.
- Website
- resend.com
Stripe
- Purpose
- Payment processing
- Location
- USA / Ireland
- Transfer safeguard
- Stripe Data Transfers Addendum: DPF first, then EEA SCCs or UK Addendum as applicable.
- Website
- stripe.com
Google Analytics
- Purpose
- Website and platform usage analytics
- Location
- USA (with EU SCCs)
- Transfer safeguard
- Google Ads/Analytics data protection terms and SCC-based transfer safeguards.
- Website
- policies.google.com
All AI inference (text and image generation) runs inside our Microsoft Azure tenancy in the EU-West region. We do not send Customer data to OpenAI's direct API.
Change log
5 May 2026 · v2.1
Added transfer safeguard information for each sub-processor to align the public list with the Standard DPA and Privacy Notice.
3 May 2026 · v2.0
Added Resend as a sub-processor for transactional email (account, security, notification messages). Removed OpenAI as a direct sub-processor - image generation has migrated from OpenAI's DALL-E 3 (US) to GPT-Image-1 on Microsoft Azure OpenAI Service (EU-West), already covered by the existing Microsoft Azure relationship. All AI inference now runs in the EU.
1 January 2026 · v1.0
Initial published list aligned to Standard DPA v2.0.
Related documents
Questions about a specific sub-processor: [email protected]