Transparency

Subprocessors

nordnung.ai is operated in Germany on its own infrastructure. The following subprocessors within the meaning of Art. 28 GDPR are used — exclusively within the EU. Customer content is not used to train the AI models.

Last updated: 18 June 2026

Provider	Purpose	Processing location	Safeguards
Microsoft Ireland Operations Ltd. (Azure OpenAI)	AI voice functions (Voice, OpenAI models)	EU region	Microsoft DPA · EU Data Boundary · SCC/DPF
Amazon Web Services EMEA SARL (AWS)	AI agent functions (Claude models)	EU region	AWS DPA · SCC/DPF

Telecommunications (not Art. 28 GDPR)

SIP/telephony connectivity is provided by easybell GmbH. Telecommunications services are largely not processing on behalf within the meaning of Art. 28 GDPR: the provider is itself the controller for data relating to the circumstances of the telecommunication (e.g. billing data; cf. EDPB Guidelines 07/2020 on controller and processor) and does not take knowledge of the content in order to preserve telecommunications secrecy (§ 3 TDDDG). The telephone system and LiveKit instance are operated in-house.

Self-hosted (no external subprocessors)

Telephone system, LiveKit, HashiCorp Vault, MeshCentral, monitoring, and mail delivery are self-hosted on our own infrastructure. Providers/operators of the data center space receive no access to personal data.

Data Processing Agreement (DPA)

For pilot and customer processes we provide a data processing agreement under Art. 28 GDPR. The DPA including technical and organizational measures (TOM annex) is available on request at contact@securevibe.de.

Changes

Intended changes to the list of subprocessors are communicated to customers at least 30 days in advance. Customers with a data processing agreement may object within this period on important data protection grounds.

Data protection questions: contact@securevibe.de