Legal
Public Subprocessor List
This page lists third-party subprocessors that Odin may use to provide, secure, maintain, and improve the Odin service.
Odin is operated by Piotr Graczyk, Ludowa 26/8, 64-920 Pila, Poland, NIP: 7642716927.
For privacy questions, contact legal@odinbrain.wiki.
A "subprocessor" is a third-party service provider that may process customer personal data on behalf of Odin while Odin provides the service to business customers.
Customers authorize Odin to use subprocessors as described in the Odin Data Processing Agreement.
Infrastructure and hosting subprocessors
| Subprocessor | Purpose | Data processed | Location / transfer notes | Status |
|---|---|---|---|---|
| Railway | App hosting, API hosting, managed PostgreSQL, managed Redis, and project asset storage | Application data, customer content, project assets, files, metadata, logs, database records, job payloads, and queue data | May include EEA and non-EEA processing depending on selected Railway deployment region and infrastructure | Active |
AI and model subprocessors
| Subprocessor | Purpose | Data processed | Location / transfer notes | Status |
|---|---|---|---|---|
| OpenRouter | AI routing for chat, classification, summarization, wiki compilation, embeddings | Prompts, chat messages, wiki excerpts, raw excerpts, metadata, embeddings requests | May route to providers outside the EEA | Active / planned |
| Underlying OpenRouter model providers, such as xAI, OpenAI, or others selected by configuration | AI inference and embeddings | Content sent through OpenRouter depending on selected model | Depends on selected provider | Must be controlled by model configuration |
Recommended production rule: use Zero Data Retention capable routes where available, disable prompt/completion logging, and avoid providers that train on customer content unless explicitly approved by the customer.
Analytics and product improvement subprocessors
| Subprocessor | Purpose | Data processed | Location / transfer notes | Status |
|---|---|---|---|---|
| PostHog | Analytics, session replay, error tracking | User identifiers, email, name, usage events, device data, session data, replay data | Recommend PostHog Cloud EU or self-hosted EU deployment | Active / planned |
Recommended production rule: load PostHog only after analytics/session replay consent where required. Use PostHog Cloud EU or self-hosted EU deployment for robust GDPR alignment.
Email subprocessors
| Subprocessor | Purpose | Data processed | Location / transfer notes | Status |
|---|---|---|---|---|
| Resend | Transactional email, magic links, organization invitations | Email address, email body, sign-in URLs, invitation URLs | May involve non-EEA processing | Active / planned |
Customer-controlled integration subprocessors
These subprocessors are used only when the customer or authorized users connect the relevant integration.
| Subprocessor | Purpose | Data processed | Location / transfer notes | Status |
|---|---|---|---|---|
| GitHub | Repository, issue, pull request, code metadata, and related integration features | OAuth tokens, repository metadata, code metadata, issues, pull requests, queries | Depends on GitHub processing locations | Optional integration |
| Atlassian Jira | Jira issue and project integration | OAuth tokens, issue data, project data, user metadata | Depends on Atlassian processing locations | Optional integration |
| Linear | Issue and project integration | OAuth tokens, issue data, project data, user metadata | Depends on Linear processing locations | Optional integration |
| Figma | Design file integration | OAuth tokens, file metadata, design content selected or accessed by integration | Depends on Figma processing locations | Optional integration |
| Slack | Slack bot, events, mentions, DMs, workspace integration | Workspace metadata, message text directed to Odin, user linkage, Slack IDs | Depends on Slack processing locations | Optional integration |
| Google Drive | Selected file integration | OAuth tokens, selected files, file metadata, user account data | Depends on Google processing locations | Optional integration |
| Gmail | Selected message or thread integration | OAuth tokens, selected emails, message metadata, thread data | Depends on Google processing locations | Optional integration |
| Fireflies.ai | Meeting summary integration | API keys, webhook payloads, meeting summaries, participant data | Depends on Fireflies processing locations | Optional integration |
Static asset subprocessors
| Subprocessor | Purpose | Data processed | Location / transfer notes | Status |
|---|---|---|---|---|
| Vercel Blob, if used | Static email logo or asset hosting | Static asset references, not customer content by default | Depends on Vercel processing locations | Optional |
Subprocessor changes
Odin may update this list from time to time as the service evolves.
Where required by contract or applicable law, Odin will provide notice of material subprocessor changes and allow customers to object on reasonable data protection grounds.
Customer responsibilities
Customers are responsible for deciding which integrations to connect and for ensuring they have the right to process data from those integrations through Odin.
Customers should review their own obligations to notify users, employees, contractors, and other data subjects before connecting third-party tools to Odin.
Contact
For privacy or subprocessor questions, contact legal@odinbrain.wiki.