Subprocessors
UltraOffice engages the subprocessors listed below to provide our service. Every subprocessor has a signed Data Processing Agreement (DPA) and a current SOC 2 report (or equivalent assurance).
We commit to giving customers at least 30 days' notice before adding or replacing a subprocessor that processes customer content. To subscribe to subprocessor change notifications, email security@ultraoffice.ai.
Last updated: May 17, 2026.
Critical Subprocessors
These services process or store customer content.
| Subprocessor | Purpose | Data processed | Location | Compliance |
|---|---|---|---|---|
| Google Cloud Platform | Private VPC per customer | All production data | US (multi-region) | SOC 2, ISO 27001, 27017, 27018 |
| Anthropic (Claude API) | Large language model inference | Customer document content submitted to AI features | US | Trust Center |
| OpenAI | Large language model inference | Customer document content submitted to AI features | US | Trust Portal |
| Google Vertex AI (Gemini) | Large language model inference | Customer document content submitted to AI features | US | Covered by GCP SOC 2 |
| GitHub | Source code hosting and CI/CD | Source code only — no customer data | US | Security |
| Google Workspace | Internal email, docs, and identity for UltraOffice staff | UltraOffice corporate data — no customer content | US | SOC 2, ISO 27001 |
LLM providers — zero data retention
Customer content sent to these model providers is used only to produce each API response. Under our agreements and each vendor’s API / data-processing terms, it is covered by zero data retention for model training and improvement: inputs and outputs are not stored for reuse in foundation-model development and are not used to train third-party models. (Limited, short-lived processing or logging may still apply as described in each vendor’s documentation—for example, transient operational handling, security, or legal requirements.)
| Provider | Zero retention note |
|---|---|
| Anthropic (Claude API) | Commercial API terms with no training on customer data; retention limited to fulfilling the request per Anthropic’s data processing commitments. |
| OpenAI | API data not used to train OpenAI models; business/API retention aligned with zero retention for training under our contractual terms. |
| Google Vertex AI (Gemini) | Inference processed under Google Cloud’s AI/Vertex data protections; customer content not used to train generalized Google models per applicable Cloud terms. |
Operational Subprocessors
These services support operations but do not process customer content.
| Subprocessor | Purpose | Data processed | Location | Compliance |
|---|---|---|---|---|
| Langfuse (self-hosted) | LLM trace observability | LLM request logs (internal debugging only) | US | Security |
| Firebase Hosting | Static hosting for the marketing site (ultraoffice.ai) | Visitor IP and standard CDN access logs (no customer account data) | US (multi-region) | Covered by GCP SOC 2 |
Model Training
We do not train AI models on customer data. Every LLM subprocessor above is engaged under a data processing agreement that prohibits training on our customers' inputs or outputs. This is enforced contractually and, where available, through API-level opt-outs.
Questions
Email security@ultraoffice.ai for:
- DPA copies or countersignature
- Subprocessor change notifications
- Detailed data-flow questions