Sub-processors
These are the third parties that process data on our behalf to deliver RFP.ai. Each entry lists what it does, the data it receives, where processing happens, and its security certifications. The same providers are described in prose in our Privacy Policy.
Last updated 21 June 2026
| Sub-processor | Purpose | Data processed | Processing | Certifications |
|---|---|---|---|---|
| Mistral AI | AI model inference for response generation | Document content, questions, and context (API calls only). Never used for model training. | API-based inference under contractual restrictions | — |
| Cloudflare | Infrastructure, hosting, CDN, database (D1), and file storage (R2) | All application data | Primary application storage in the EU | ISO 27001, SOC 2 Type II |
| Stripe | Payment processing and subscription management | Billing information and payment methods | EU entity; possible global operations under applicable safeguards | PCI DSS Level 1, SOC 2 Type II |
| Resend | Transactional email delivery | Email addresses and email content | EU-oriented routing where available, with safeguards where applicable | — |
| Sentry | Error tracking and performance monitoring | Error logs and anonymized user IDs | EU-oriented configuration where available, with safeguards where applicable | SOC 2 Type II |
We update this list when we add, remove, or change a sub-processor. To be notified of changes, email peter@rfp.ai and we'll add you to the notification list.