Scope
This page lists third-party processors engaged by Bayescase GmbH ("Bayescase", "we") to process Customer Personal Data on behalf of Customers in connection with the Bayescase SaaS Service (as defined in our DPA). Vendors we use as independent controllers for our own account, billing, or marketing purposes are listed separately for transparency.
Change Notifications and Objections
- We will provide at least 30 days' advance notice of intended changes to the Sub-processor list by updating this page and, where feasible, by email or in-app notice.
- To receive email updates, send a request to privacy@bayescase.com with the subject "Subscribe: Sub-processor updates" from your admin email.
- Customers may object to a change on reasonable data protection grounds within 30 days of notice, per our DPA. If we cannot resolve an objection in good faith, the Customer may terminate the affected Service and receive a pro rata refund for the prepaid, unused portion.
Current Sub-processors (Service Data)
1. Amazon Web Services EMEA SARL (and affiliated AWS entities)
- Role/purpose: Cloud hosting, compute, storage, databases, networking, encryption key management, logging/monitoring for the Bayescase production environment.
- Data processed: All categories of Customer Personal Data stored or processed in the Service (including backups).
- Processing location: EU/EEA (AWS Frankfurt, eu-central-1). Backups retained in the EU.
- Transfer mechanism (if applicable): Not applicable for EU-region hosting. AWS provides a GDPR DPA and Standard Contractual Clauses (SCCs) for any support access from outside the EEA, should it occur.
2. OpenAI, L.L.C.
- Role/purpose: AI inference and content generation for optional AI features requested by customer users (processing of prompts, contextual materials, and generation of outputs).
- Data processed: Customer prompts, contextual materials, generated outputs, and limited service metadata necessary for API requests.
- Processing location: May include the United States and other locations used by the provider.
- Transfer mechanism: EU Standard Contractual Clauses (SCCs) and supplementary measures as described in our DPA.
- Retention by sub-processor: As per OpenAI policy (currently up to 30 days for abuse monitoring; subject to change by OpenAI).
General Notes
- Primary data residency: Customer Data is hosted in the EU/EEA (AWS eu-central-1, Frankfurt).
- AI processing: Certain AI-related processing may occur outside the EU/EEA, including in the United States, subject to appropriate transfer safeguards as described in our DPA.
- Backups: Encrypted backups are stored in the EU with a typical retention of up to 35 days.
- Contact: For questions or objections, contact privacy@bayescase.com.