Appearance
Sub-processors
A sub-processor is any third party that Term Tracker engages to process customer data on its behalf. This page lists every sub-processor, what data they receive, and the data-protection agreements that govern their use. Enterprise security reviewers and customers with DPA obligations should review this list before signing up.
See also: Security & Compliance.
Effective date: 2026-07-12
Sub-processor List
| Sub-processor | Purpose | Data accessed | Region(s) | DPA status |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Primary infrastructure: compute (Lambda), database (Aurora Serverless v2 PostgreSQL), file storage (S3), authentication (Cognito), queuing (SQS), email delivery (SES), key management (KMS), and security monitoring (CloudTrail, Config, Security Hub, GuardDuty, Inspector) | All customer data: contract files, extracted terms, account information, audit logs | us-east-1 (United States) | AWS Customer Agreement + AWS GDPR DPA (self-service download from AWS console) |
| Anthropic | AI extraction: contract text is sent to the Claude API to identify and extract terms specified in the project template | Contract text submitted for AI extraction (no account information or metadata) | United States | Standard DPA in procurement (see Anthropic Retention below) |
The chat feature ("Ask") reaches Anthropic Claude through Amazon Bedrock under AWS's standard service contract. The Anthropic sub-processor entry above covers the direct API usage by the contract-extraction pipeline.
Anthropic Retention
Anthropic retains API request and response data for up to 30 days per their standard data-handling policy. This data is not used to train Anthropic's models. A Zero-Data-Retention (ZDR) addendum is on the roadmap for when an enterprise customer requires it.
Notification of Changes
Material additions to this list will be reflected on this page. Customers with a signed Data Processing Agreement that includes a notification clause will receive notice per the terms of that agreement.