LeanTek Product Update: New Decision Intelligence Capabilities
| Subprocessor | Role | Data Accessed | Processing Location(s) | Legal Basis | DPA / Terms Link |
| LSG (Lean Solutions Group) | Primary data controller / processor; platform delivery, governance, human-in-the-loop operations | All Customer Data, AI Inputs/Outputs, Usage Data, Personal Information | USA (FL); Colombia; Philippines; Guatemala; Mexico; Ecuador | Master Subscription Terms + DPA; CCPA, GDPR, Swiss FADP | MST & DPA — available on request |
| OpenAI | LLM inference — processes prompts for AI reasoning and output generation | AI Customer Inputs submitted to LLM APIs; AI Customer Outputs | USA (primary); EU residency available on request | Enterprise API agreement; no-training-on-customer-data commitment; LSG DPA flows down | openai.com/policies/privacy-policy |
| Xano | Backend infrastructure — database, API layer, application server for AgentEdge | All active operational data processed through AgentEdge; workflow state data | USA (AWS us-east-1 default); EU/APAC regions available | Written DPA-equivalent agreement; confidentiality & data protection terms at least as protective as LSG customer DPA | xano.com/privacy |
| ReformHQ | OCR and document extraction — converts document images/PDFs to structured data | Document content submitted for extraction (e.g., invoice images, shipping docs) | USA | Written agreement; data used for OCR processing only; not retained beyond service delivery | reformhq.com/privacy |
| Amazon Web Services (AWS) | Cloud hosting, compute, and storage infrastructure for AgentEdge platform components | Encrypted data at rest on AWS infrastructure; application-layer access controlled by LSG | USA (us-east-1 primary); EU (eu-west-1); APAC — configurable per engagement DPA | AWS Customer Agreement + AWS DPA (GDPR SCCs included); LSG controls application-layer access | aws.amazon.com/compliance/data-privacy |
| Google Cloud Platform (GCP) | Cloud hosting, compute, and storage infrastructure for specific AgentEdge platform components | Encrypted data at rest on GCP infrastructure; application-layer access controlled by LSG | USA (us-central1 primary); EU (europe-west1); APAC — configurable per engagement DPA | Google Cloud DPA (GDPR SCCs and Standard Contractual Clauses included); LSG controls application-layer access | cloud.google.com/terms/data-processing-addendum |
| Gemini | LLM inference — processes prompts for AI reasoning and output generation | AI Customer Inputs submitted to LLM APIs; AI Customer Outputs | USA (primary); EU residency available on request | Enterprise API agreement; no-training-on-customer-data commitment; LSG DPA flows down | https://docs.cloud.google.com/gemini/docs/discover/data-governance |
| Claude | LLM inference — processes prompts for AI reasoning and output generation | AI Customer Inputs submitted to LLM APIs; AI Customer Outputs | USA (primary); EU residency available on request | Enterprise API agreement; no-training-on-customer-data commitment; LSG DPA flows down | https://www.anthropic.com/legal/data-processing-addendum |
| Bland AI | Conversational AI voice agent platform for inbound/outbound call automation and voice workflow orchestration | Voice call metadata, AI prompts, transcripts, audio streams, AI Customer Inputs/Outputs, operational workflow data | USA (primary); EU data residency available on request | Enterprise services agreement + DPA; SOC 2 Type II; GDPR-aligned processing; no-training-on-customer-data commitments | https://www.bland.ai/legal/data-processing-agreement |
| Drumkit AI | AI-powered logistics workflow automation and data orchestration platform integrated with email and TMS systems | Operational logistics data, email workflow metadata, shipment and scheduling information, AI-generated workflow outputs | USA | Written agreement with confidentiality and data protection obligations; SOC 2 Type I controls; GDPR/CCPA-aligned handling practices | https://www.drumkit.ai/privacy |
