Data residency
EU-first infrastructure with explicit transfer visibility.
Corelyx does not make a blanket claim that all data remains in the EU. EU-only mode can restrict storage, logs, model providers, and workflow execution to approved EU/EEA infrastructure for eligible workflows. Some connected services, model providers, email providers, analytics tools, or customer-selected integrations may process data outside the EEA. Corelyx shows this before activation.
Standard mode
Allows customer-selected providers and integrations subject to the workflow checklist, DPA, SCC, and transfer-basis warnings.
EU-only mode
Blocks providers that are not marked as EU-supported with DPA, SCC or transfer-basis evidence, and verified regional controls.
Customer-configured services
Regional eligibility may depend on the customer's Google, Microsoft, Slack, model-provider, or cloud-provider account.
Residency matrix
Reviewed provider entries used by the public subprocessor registry and in-app compliance checks.
| Provider | Purpose | Default region | EU-only support | Leaves EEA | Transfer basis | Retention |
|---|---|---|---|---|---|---|
| Supabase database | Database, authentication, realtime APIs, and Vault-backed secret references. | Configured Supabase project region, expected EU for Corelyx production. | Eligible | No obvious transfer | DPA and SCCs where the configured project or subprocessors involve third-country processing. | Controlled by Corelyx database retention settings and Supabase backup rotation. |
| Vercel hosting | Hosts the Next.js web app, API routes, static assets, and deployment logs. | Global CDN; server compute depends on project region configuration. | Eligible | Possible | DPA and transfer addendum; EU-only support depends on project routing and log configuration. | Deployment and request logs follow Vercel account retention and Corelyx log minimisation settings. |
| Railway hosting | Hosts the Python workflow runtime used for execution steps. | Configured Railway service region. | Eligible | No obvious transfer | DPA and SCCs where the runtime or subprocessors involve third-country processing. | Runtime logs are minimised and governed by workspace retention settings where technically available. |
| Inngest orchestration | Schedules, retries, event dispatch, and asynchronous workflow orchestration. | Provider-managed cloud location based on the configured Inngest account. | Not eligible / needs review | Possible | DPA and SCCs required if personal data is sent through orchestration events. | Event retention depends on the Inngest account and should not include secrets or full payloads in EU-only mode. |
| Resend | Transactional email for approvals, failures, account, and billing notices. | United States for account data, email metadata, logs, and API records. | Not eligible / needs review | Possible | DPA and SCCs required for EEA personal data. | Provider email logs follow Resend retention; Corelyx avoids sending secrets in notifications. |
| Stripe payments | Checkout, subscriptions, invoices, payment processing, and fraud prevention. | Provider-managed financial infrastructure. | Not eligible / needs review | Possible | DPA, SCCs, adequacy mechanisms, and payment-law processing roles depending on account setup. | Billing and tax data is retained as required by law. |
| OpenAI llm | Optional model inference for workflow agent nodes and model operations. | United States by default unless eligible European data residency is configured in the customer or platform account. | Eligible | Possible | DPA and SCCs unless an eligible EU-resident project is verified for the workspace. | Retention depends on account, API project, abuse monitoring, and zero-data-retention settings. |
| Anthropic llm | Optional model inference for workflow agent nodes. | United States for customer data unless otherwise agreed. | Not eligible / needs review | Possible | DPA and SCCs required for EEA personal data. | Commercial API retention is provider-controlled and subject to policy and abuse-monitoring exceptions. |
| OpenRouter llm | LLM routing layer used by the Corelyx platform key to execute agent nodes. Also optionally used when a customer configures their own OpenRouter API key. | Provider-managed global infrastructure. EU routing available on enterprise OpenRouter accounts. | Not eligible / needs review | Possible | No signed DPA or SCCs currently in place. Corelyx is pursuing an enterprise DPA with OpenRouter. Until completed, customers should treat OpenRouter as a third-country transfer risk and avoid routing special-category or high-risk personal data through the Corelyx platform key. | OpenRouter states prompts are not used for training and are not retained beyond request processing by default. Verify current policy at openrouter.ai/privacy. |
| Google connector | Google Sign-In (OAuth authentication available to all users). Optionally also used for Gmail, Calendar, Docs, Drive, and Sheets workflow actions when explicitly connected. | Provider-managed; depends on Google account, Workspace region, and service. | Eligible | Possible | Google terms, DPA, SCCs, and customer tenant controls. | Sign-In profile data retained for the life of the account. Connector data retention is controlled by the connected Google account or tenant. |
| Customer-configured HTTP endpoint connector | Customer-configured webhook or HTTP connector calls to arbitrary public endpoints. | Customer-configured destination. | Not eligible / needs review | Possible | Customer must document recipient, DPA, SCCs, and transfer basis before personal-data use. | Retention is controlled by the customer-configured endpoint. |
For processor terms and subprocessor change notice, see the DPA and Subprocessors pages.
