Sub Processors
Requesty Ltd – Sub‑processor Disclosure
Last updated: 23 September 2025
Sub‑processors are third‑party businesses engaged by Requesty Ltd ("Requesty", "we", "our") to process Personal Data on our behalf while we provide services to our customers ("Controllers"). Under the UK GDPR and EU GDPR these companies must offer sufficient guarantees, via contract, to implement appropriate technical and organisational measures that meet the regulation's requirements.
This page explains (1) our governance approach and (2) the current list of sub‑processors we rely on for the Requesty Large‑Language‑Model Router and related pay‑as‑you‑go services.
1 Governance
Due‑diligence & risk assessment. Every prospective sub‑processor undergoes security, privacy and compliance reviews before onboarding. We examine certifications (e.g. ISO 27001, SOC 2), security white‑papers, audit reports and data‑protection controls.
Contractual safeguards. Each sub‑processor signs a data‑processing agreement with Requesty that:• mirrors or exceeds the obligations in our customer DPA;• includes a robust personal‑data‑breach notification provision; and• commits to suitable technical and organisational measures.
Ongoing monitoring. We conduct annual reviews and monitor security advisories, incident reports and regulatory developments affecting each sub‑processor.
Notification & objection. Customers are notified at least 30 days in advance of any intended change to this list (via email or in‑app banner). If you have reasonable grounds to object, email support@requesty.ai within the notice period.
2 Current Sub-processors
The tables below list our infrastructure provider and model‑inference providers. Unless stated otherwise, Personal Data is limited to that necessary to provide the indicated service and is encrypted in transit and at rest.
2.1 Infrastructure
| Vendor | Location of Processing | Purpose | Privacy Policy |
|---|---|---|---|
| Amazon Web Services Inc. (AWS) | 🇩🇪 Frankfurt, Germany (EU Central 1) | Primary cloud infrastructure (compute, storage, networking) hosting the Requesty platform and databases | https://aws.amazon.com/privacy/ |
2.2 Large‑Language‑Model Providers (Inference)
| Vendor | Location | Data Retention | Retention Period | Privacy Policy |
|---|---|---|---|---|
| OpenAI Inc. | 🇺🇸 US | Yes | 30 days | OpenAI Privacy Policy |
| Anthropic PBC | 🇺🇸 US | Yes | 30 days | Anthropic Privacy Policy |
| Google LLC (Gemini API) | 🌍 Global | Yes | - | Gemini API Terms |
| Google LLC (Vertex AI) | 🇺🇸 US / 🇪🇺 EU | No | - | Vertex AI Data Governance |
| Microsoft Azure AI | 🇺🇸 US / 🇪🇺 EU | No | - | Microsoft Privacy Statement |
| AWS Bedrock | 🇺🇸 US / 🇪🇺 EU | No | - | AWS Privacy Notice |
| Mistral AI SAS | 🇪🇺 EU | Yes | 30 days | Mistral Privacy Policy |
| xAI Corp. | 🇺🇸 US | Yes | 30 days | xAI Privacy Policy |
| DeepInfra Inc. | 🇺🇸 US | No | - | DeepInfra Privacy Policy |
| Alibaba Cloud | 🇸🇬 Singapore | No | - | Alibaba Cloud Privacy Policy |
| DeepSeek | 🇨🇳 China | Yes | - | DeepSeek Privacy Policy |
| Groq Inc. | 🇺🇸 US | No | - | Groq Privacy Policy |
| Nebius AI | 🇪🇺 EU | No | - | Nebius Privacy Policy |
| NetMind.AI | 🇬🇧 UK | No | - | NetMind Privacy Policy |
| Novita AI | 🇺🇸 US | Yes | - | Novita AI Privacy Policy |
| Parasail | 🇺🇸 US | No | - | Parasail Privacy Policy |
| Perplexity AI | 🇺🇸 US | Yes | - | Perplexity Privacy Policy |
| Together AI Inc. | 🇺🇸 US | No | - | Together AI Privacy Policy |
When routing is enabled, prompts and model outputs are transmitted securely to the selected provider, processed transiently, and not used to train the provider's models unless you have explicitly opted in via your Requesty project settings.
Contact
Questions or objections? Email support@requesty.ai or write to: Requesty Ltd, 71‑75 Shelton Street, Covent Garden, London WC2H 9JQ, UK.