Data Transparency
These services collect indirect but personally identifying metadata (IP, location, behavior patterns).
We carefully evaluate all providers based on their security certifications, privacy policies, and compliance with global regulations. We aim to minimize data access and store only what is necessary to provide a smooth, secure experience.
Providers listed here may change over time as we improve our tools and services. We will update this table accordingly to maintain transparency.
Updated: April 29, 2025
Third-Party Service Providers & Data Handling Summary
Provider
Purpose
Data Accessed
Security Measures / Compliance
Used in AI pipeline?
Airtable
Airtable
Airtable
Airtable
Yes
Amazon Web Services (AWS)
Secure file uploads and object storage (S3), key management (KMS)
Uploaded files (e.g. documents for processing); S3 bucket metadata
KMS-managed encryption keys (SSE-KMS), multi-region redundancy, IAM-based access control; encryption at rest and in transit; scalable setup to support international users; GDPR-compliant configuration
Yes
ChromaDB
Stores vector embeddings of internal documents to enable AI-powered semantic search and Q&A
Text chunks of curated internal documents (no direct user-submitted data)
Currently stored locally with restricted access; planned migration to encrypted, access-controlled cloud hosting; no PII stored
Yes
GitHub
Repository hosting for public AI-related research and code
Repository metadata, README content, public code files only (no user-submitted data)
HTTPS encryption, 2FA, role-based access control, audit logs, vulnerability scanning, and SOC 2 Type II compliance
Yes
Google Analytics / GA4
Website traffic monitoring and behavior analysis
IP address, device info, browser type, pages visited, session duration, location (approximate)
IP anonymization available; GDPR- and CCPA-compatible when configured properly; encrypted in transit
No
Local Development Tools
Local document processing and testing environment
Internal files (no user-submitted data)
Device-level encryption, user-controlled access
Yes
Meta Pixel / Facebook Ads
Ad performance tracking and retargeting
IP address, device/browser info, activity on site (e.g. page views, conversions)
Follows Meta’s Data Policy; supports GDPR opt-out via Consent Mode; data encrypted and processed in Meta infrastructure
No
Obsidian
Knowledge base powering custom GPT responses
Structured internal prompts and reference content (non-user data)
Local file encryption, secured access, not cloud-synced by default
Yes
OpenAI
AI-powered chatbot and content generation
User inputs into chatbot (text only; no PII unless voluntarily given)
End-to-end encryption, GDPR-aligned, data not used for training
Yes
OpenAI API (Embedding/Classification)
Processes chunks of text to generate vector embeddings or categorize content
Text snippets of non-user-facing internal data
End-to-end encryption, GDPR-aligned, data not used for training
Yes
PayPal
Payment processing
Name, billing details (securely handled by PayPal only)
PCI-DSS Level 1, encryption, fraud prevention
No
Stripe
Payment processing
Name, billing details (securely handled by Stripe only)
PCI-DSS Level 1, SOC 2, GDPR/CCPA compliant
No
Wix
Website hosting, forms, design, member login
IP address, contact forms, cookies
ISO 27001, GDPR, CCPA, encrypted storage
Yes
Zapier
Workflow automation between third party tools
Workflow data from connected services (no direct user data from this site)
TLS encryption, OAuth2, role-based access, audit logs
Yes