Product Subprocessors

Last updated: 7 July 2026

Navos AI, Inc. uses the service providers below to operate Navos customer workspaces. We do not sell personal data, and we do not use advertising-data brokers. This page covers the product platform, not separate marketing-site tools.

Material additions or removals are notified to contracted customers at least 30 days before production rollout where the customer agreement requires it. To ask about this register or subscribe to change notices, email subprocessors@navos.ai.

Platform subprocessors

ProviderPurposeData processedLocation posture
Amazon Web ServicesPrimary cloud storage, database, object storage, networking, and backups.Customer workspace data, documents, reports, account records, authentication events, and generated outputs.us-east-1 primary.
VercelFrontend hosting, edge network, and Next.js API/BFF runtime.Session cookies, request data in transit, route metadata, and build/deployment artifacts.Global edge with production origin routing.
RailwayDjango backend and Celery worker runtime.Backend request/runtime data, worker task context, application logs, and deployment metadata.Railway-managed infrastructure; region reviewed in the vendor file.
Upstash / Redis providerManaged Redis for sessions, rate limits, cache keys, and Celery broker metadata.Session identifiers, rate-limit counters, cache keys, and task metadata.us-east-1 intended; verified through the vendor file.
AnthropicClaude API for AI analysis and generation workflows.Prompts, selected customer context, extracted document text, and generated responses.US/default API endpoint unless a customer-specific arrangement says otherwise.
OpenAIGPT API for AI analysis, generation, and fallback workflows.Prompts, selected customer context, extracted document text, and generated responses.US/default API endpoint unless a customer-specific arrangement says otherwise.
PerplexityAPI research path for external source discovery and synthesis support.Research prompts, topic/company context where included, and public-source query context.Vendor-managed API infrastructure.
FirecrawlPublic web crawling and source retrieval for external research.URLs to crawl and public web content. Customer-confidential documents are not intentionally sent.Vendor-managed infrastructure.
NewsAPI.ai / Event RegistryPublic news search and feed aggregation.Topic keywords, public-news queries, and public article metadata.Vendor-managed infrastructure.
ResendTransactional email delivery.Email addresses, email bodies, one-time links, and delivery metadata.US primary, with EU support depending on configuration.
SentryError monitoring and performance diagnostics.Stack traces, request paths, safe tags, source-map/release metadata, and scrubbed diagnostic context.us-east-1 for the current project posture.
PostHogCookieless product analytics and feature flags.Route-level product telemetry, safe event names/properties, and app metadata. Autocapture and session recording are disabled by default.US cloud host unless configured otherwise.
Better StackUptime monitoring, incident alerts, and redacted log management.Redacted logs, uptime probes, status codes, deployment metadata, and incident metadata.EU source for the current Railway log ingest.
SlackInternal beta and operational webhook alerts.Alert text and selected JSON snippets, minimized to avoid customer-confidential content.Slack/Salesforce service locations.

Customer-directed integration

Pylon ERP is a customer-directed integration, not a default processor for every Navos workspace. When a customer enables the connector, Navos connects to the customer-provided Pylon endpoint and imports the authorized sales or client rows into Navos. The customer-specific contract or annex must identify the endpoint owner, hosting region, allowed data scope, and any Pylon/Epsilon Net vendor terms that apply.

Transfer safeguards

Where personal data is transferred internationally, Navos relies on appropriate transfer mechanisms such as data processing agreements, standard contractual clauses, the UK addendum or IDTA where applicable, and vendor security measures. Customer contracts may include additional notice, objection, or regional terms.

© 2026 Navos AI, Inc.