This page lists the third-party services (“Sub-processors”) that GreyScape.ai (operated by KARRD Services FZCO) uses to provide the Service. We publish this list to comply with our transparency obligations under the GDPR (Article 28(2)) and the equivalent UAE PDPL provisions, and because we think you should know who handles your data on our behalf.
1. How we evaluate sub-processors
Every sub-processor we engage must:
- Provide a comparable or greater level of data protection than we offer ourselves.
- Be bound by written terms that mirror our obligations under Article 28 of the GDPR and any equivalent UAE PDPL requirements.
- Maintain appropriate technical and organisational security measures (encryption at rest, encryption in transit, access controls, audit logging).
- Allow us, as their customer, to assist controllers (you) in responding to data subject rights requests.
- Notify us promptly of any personal data breach affecting our data.
We re-review the list at least annually and whenever we add a new sub-processor.
2. Notification of changes
We give Customers at least 30 days' advance notice of any material change to our sub-processor list (additions or replacements affecting categories of personal data). Notice is given by email to the registered account owners of each tenant, and via an update to this page (the “Last updated” date at the top will reflect the revision). You may object on reasonable data-protection grounds; if we can't reach an agreement, you may terminate the affected portion of the Service in accordance with the Terms and our DPA.
3. Core platform sub-processors
These sub-processors are involved in every GreyScape.ai deployment. Disconnecting any one of them would prevent the Service from functioning.
| Vendor | Purpose | Data categories | Region |
|---|---|---|---|
| Railway | Application hosting + managed PostgreSQL database. Stores Customer Data at rest. | All Customer Data | United States (primary) |
| Cloudflare | DNS, edge CDN, and inbound email routing ([email protected] forwarding). May process transient request headers. | IP addresses, request metadata | Global (request-route dependent) |
| WorkOS | AuthKit-hosted sign-in (Google / Microsoft / Apple / GitHub OAuth). Source of authoritative user identity for the Service. | Account email, name, sign-in metadata, identity-provider tokens | United States |
| Resend | Transactional email delivery (sign-in confirmations, invitations, approvals, admin alerts). | Recipient email, name, message body | United States |
| ipapi.co | IP geolocation lookup used to enrich sign-in attempts and demo leads with country / city / network operator. | IP address (sent), geolocation metadata (received) | United States |
4. AI advisor sub-processors (optional)
The in-product AI advisor and the public AI workload calculator route a small amount of conversational text to an LLM provider for scoping and recommendations. The Customer chooses which provider key to use. If the advisor is not enabled, none of these sub-processors are engaged.
| Vendor | Purpose | Data categories | Region |
|---|---|---|---|
| OpenAI | Powers the in-product AI advisor that scopes approval requests and runs the public AI workload calculator. Used only when an `LLM_API_KEY` is configured by the Customer. | Approval scoping conversation text | United States |
| Anthropic | Alternative LLM provider for the AI advisor. Used only if the Customer configures an Anthropic key as the LLM provider. | Approval scoping conversation text | United States |
5. AI provider observed-account integrations
Connectors that read usage and cost data from third-party AI providers operate on your provider account. The relationship is between you and the provider; we act on your behalf to read usage. We don't store the credentials in plaintext (see the Security Statement).
| Vendor | Purpose | Data categories | Region |
|---|---|---|---|
| OpenAI (Admin API) | When a Customer connects their OpenAI organisation, we call the Admin API to read usage and cost metadata. We send our credentials; OpenAI returns aggregated usage records. | OpenAI usage and cost metadata (read) | United States |
| Anthropic (Admin API) | When a Customer connects their Anthropic organisation, we call the Admin API to read workspace usage. | Anthropic usage metadata (read) | United States |
6. Internal personnel
Personnel of KARRD Services FZCO who operate GreyScape.ai are bound by confidentiality obligations equivalent to those imposed on sub-processors. Access to production data is on a need-to-know basis, logged, and restricted to a small number of engineers who have completed background checks and security training.
7. Cross-border transfers
Many of the sub-processors above are based in the United States; Cloudflare operates a global edge network. Personal data transferred out of the EU/EEA or UK is protected by Standard Contractual Clauses (SCCs) and (for UK-origin data) the UK International Data Transfer Addendum. Personal data transferred out of the UAE is protected by the equivalent transfer mechanisms permitted under the UAE PDPL Executive Regulations.
8. Contact
For questions about a specific sub-processor, or to request a copy of the relevant transfer mechanism, contact [email protected].