Trust & policies
Data Processing
Business-user notes on processing roles, BYOK Providers, subprocessors, DPA posture, and final review requirements.
Final legal review required before public launch. This page is professional draft policy content and must be reviewed by qualified counsel before public launch.
Roles
Users may act as controller for uploaded or source data
Business users may act as controller or equivalent responsible party for Source Material, uploaded files, prompts, customer data, and business content they place into opheli.ai.
opheli.ai may process that data to provide the service, execute Runs, generate Artifacts, secure accounts, support users, and operate the platform.
BYOK
Third-party AI Providers may process prompts and Context
When users connect a Provider key and launch Runs, selected prompts, Context, Operator instructions, and related execution inputs may be sent to that Provider.
The Provider relationship, terms, privacy posture, and billing are controlled by the user and Provider unless opheli.ai explicitly introduces managed credits or managed Provider processing later.
Subprocessors
Subprocessor list draft
- Hosting/VPS provider: final provider and region to be confirmed.
- Email/SMTP provider: final provider to be confirmed.
- Payment provider: Stripe if self-service billing is enabled.
- AI Providers: user-connected Providers such as OpenAI or Anthropic when configured by the user.
- Analytics provider: none active by default unless implemented and consented.
DPA
Data Processing Agreement posture needs counsel review
DPA availability, controller/processor wording, international transfer terms, retention schedules, subprocessors, and business customer terms must be finalized by qualified counsel before public launch.