Behavioral Intelligence Engine uses the following subprocessors to operate the Service. Each link below goes to the subprocessor’s own Data Processing Agreement or equivalent.
We will update this page when we add, remove, or materially change a subprocessor. Customers on an enterprise plan receive advance notice by email of any change; for other plans, this page is the canonical source. To subscribe to change notifications regardless of plan, email privacy@bieintel.com.
Purpose
Primary application database, authentication, realtime, and object storage
Data processed
All customer data — account metadata, behavioural events and signals, profiles, reports, encrypted OAuth tokens
Location
European Union (default) or United States (customer-selectable). AWS-backed.
Purpose
Application hosting and edge delivery
Data processed
Application logs, request metadata. No customer content.
Location
Global edge network; serverless functions run in the region closest to the request.
Purpose
Inference — all BIE intelligence output (classifications, reports, agent drafts) is produced via Claude
Data processed
Prompts include behavioural event excerpts and derived context. On our tier, Anthropic does not retain content for training.
Purpose
Payment processing and subscription management
Data processed
Billing email, payment method metadata, invoice history. No behavioural data is shared with Stripe.
Location
Global; processing region determined by customer location.
Purpose
Job queue (BullMQ) and short-lived rate-limit state
Data processed
Job payloads reference internal identifiers only — no message content or PII is persisted to Redis.
Location
European Union (default) or United States (selectable).
Purpose
Transactional email (signup verification, password reset, billing receipts, research-job completion notifications)
Data processed
Recipient email address, subject line, body of the specific message sent.
Purpose
Error and performance monitoring
Data processed
Stack traces, request paths, error context. PII is scrubbed at the SDK level before transmission.
Location
United States or European Union (configured per deployment).
Purpose
Product analytics — pageviews and feature-interaction events. Loads only after explicit consent via the cookie banner.
Data processed
Pseudonymous user identifier, pageview URL, UI interaction events. No behavioural data from connected platforms.
Location
European Union (eu.i.posthog.com) by default; United States on request.
Purpose
CDN, DDoS protection, DNS
Data processed
Standard request metadata (IP, user agent, URL). No request bodies are retained by Cloudflare for our configuration.
Location
Global edge network.
Data Processing Agreement
BIE offers a Data Processing Agreement incorporating the EU Standard Contractual Clauses (Module Two: Controller-to- Processor) and, where applicable, the UK International Data Transfer Addendum. The template is available on request.
To request a DPA, write to privacy@bieintel.com with your entity name and signing contact. We will send a copy, review any reasonable redlines, and counter-sign. Customers on enterprise plans have a DPA in place before the Service is used in anger.
If you have a counter-signed MSA that already includes a DPA addendum and that addendum covers your engagement, we will sign that instead.