Legal

Subprocessors.

Last updated: April 2026

This page lists the third parties Foyla uses to provide the service. We give at least 30 days' notice of any new or replacement subprocessor. To subscribe to change notifications, email [email protected] with the subject line "Subprocessor Notifications."

Current subprocessors

The table below will be populated with named subprocessors before the service becomes generally available. Each entry will include the provider name, purpose, category of data processed, and processing location.

Provider	Purpose	Data categories	Location
Cloud infrastructure provider	Compute, storage, networking	All customer data	US (default); EU on request
Foundation-model provider(s)	AI inference for agent actions	Operational data as needed per task	US / EU depending on provider
Transactional email provider	Account and system email	Email addresses, message content	US
Website analytics	Aggregate site metrics	IP-derived rough location, page views	US / EU depending on provider

Specific vendor names will be added here as they are engaged. Customers under an active MSA can request the current named list at any time by emailing [email protected].

How we vet subprocessors

Every subprocessor is bound by written data-protection terms at least as strict as the commitments we make to our customers. New subprocessors go through a security and privacy review before they touch customer data.

How to object

If a newly announced subprocessor presents a data-protection concern, reply to the notification within 30 days and we'll work with you to resolve it. If we can't, you may terminate the affected service and receive a pro-rata refund of prepaid, unused fees.