Subprocessors
Questions: [email protected].
Enji Guard uses subprocessors to provide, secure, and support the service. Subprocessors may process personal data, Customer Content, or technical data only for the purposes described in the Privacy Policy and applicable agreements.
No additional production subprocessor categories are expected for the current service beyond repository hosting, sign-in, approved AI/coding providers, transactional email, feedback/support delivery, CDN/security edge, and Google-hosted application infrastructure. Database, object-storage, observability, logging, and backup/restore components are open-source or self-hosted technologies rather than separate third-party subprocessor vendors in this policy.
Self-serve billing and payment processing are planned but not part of this subprocessor list. Do not list a billing or payment processor until a production billing flow is enabled.
Subprocessor List
| Subprocessor | Purpose | Data categories | Customer code/content? | Status |
|---|---|---|---|---|
| GitHub | Repository hosting, GitHub App install, repo verification, issues, pull requests, comments | Repository metadata, code, issues, PRs, comments | Yes, for connected repositories | GitHub App manifest uses contents/issues/pull requests write and metadata read |
| Google / Google Cloud | OAuth sign-in and application hosting | Account identity, application data, logs, request metadata | Possible through hosting infrastructure | Production hosting provider |
| OpenAI | AI model API or business/developer AI services | Task context, code snippets, reports, logs, outputs | Yes, depending on selected route | Approved AI provider |
| Anthropic, PBC | AI model API and related commercial API routes | Task context, code snippets, reports, logs, outputs | Yes, depending on selected route | Approved AI provider |
| MOONSHOT AI PTE. LTD. | Kimi OpenPlatform API | Task context, code snippets, reports, logs, outputs | Yes, depending on selected route | Approved AI provider; Singapore-operated route |
| ANOMALY INNOVATIONS, INC. | OpenCode / OpenCode Enterprise / OpenCode Zen, depending on production configuration | Coding-agent context, share content if hosted sharing is enabled | Possible | Approved coding tool provider |
| Anysphere, Inc. | Cursor platform, CLI, agents, or related Cursor services if used in production workflows | Coding-agent context, prompts, code snippets, outputs | Possible | Approved coding tool provider |
| Resend | Transactional email | Recipient email, subject, rendered email body, delivery metadata | Usually no code; reports may be linked | Production transactional email provider |
| Third-party communication/support tooling | Feedback handling | Feedback text, user email, screenshots | Possible if screenshots contain content | Production feedback processing category |
| Cloudflare | TLS, tunnel/CDN/security edge if used | IP address, request metadata, headers | No intended code processing | Production CDN/security edge provider |
| Open-source/self-hosted infrastructure technologies | Database, object storage, observability, logging, and backup/restore components operated by Enji.ai | Account data, metadata, reports, logs, settings, task outputs | Possible | Not separate third-party subprocessor vendors |
AI Provider Rule
Enji Guard does not train or operate its own foundation models.
Customer code and task data should be processed only by approved third-party AI model providers and coding tool providers under their public data-use and retention terms unless a separate written agreement says otherwise.
The approved AI/coding provider list for this policy is OpenAI, Anthropic, MOONSHOT AI PTE. LTD. for Kimi OpenPlatform, ANOMALY INNOVATIONS, INC. for OpenCode, and Anysphere, Inc. for Cursor.
Customers with strict provider, residency, or retention requirements can contract with Enji.ai for an on-premises or customer-controlled deployment. For that deployment model, the customer is responsible for selecting, approving, configuring, and monitoring the AI/coding providers connected to the customer’s environment.
Subprocessor Change Notice
This policy does not publish a separate subprocessor-change notice workflow or DPA terms. Customer-specific commitments can be added later through signed agreements.