Skip to Content
Security & TrustSubprocessors

Subprocessors

Subprocessors are third-party services that may process customer data on behalf of Nairo.

This page summarises services visible from the current platform architecture and configuration. It is intended to help customers understand the types of third-party services involved in authentication, storage, document processing, AI processing and infrastructure.

For the authoritative, contractually binding subprocessor list, notification process and applicable data processing terms, contact your Nairo account team.

Architecture-visible services

Based on the current platform architecture, Nairo may rely on the following categories of third-party services.

Service or categoryRoleData involved
ClerkAuthentication, organisation membership and session managementUser identity, email address, organisation membership and session/session-related data
Google Cloud StorageUploaded file storageUploaded document files and related storage object references
Google Document AIDocument processing and extraction where usedUploaded document content submitted for extraction or parsing
Google Gemini / Vertex AIAI model inference and AI-assisted processingPrompts, selected document content, extracted text and relevant context sent for model processing
Embedding providersEmbedding generation for retrieval and document analysis where configuredExtracted text, chunks or document-derived content used to generate embeddings
Tavily or web search providerOptional internet search for Assistant conversations where enabledSearch queries and search results related to the user’s request
Cloud hosting and database infrastructureApplication hosting, database, networking and operational infrastructureApplication data, metadata, workspace records, conversation data and operational logs, depending on deployment
Observability and operational toolingLogging, monitoring, debugging and service reliability where configuredOperational logs, error events, metadata and diagnostic information

Not every service is used for every customer, workspace or product surface. Actual subprocessors depend on the deployment, enabled features, model configuration and contractual setup.

Clerk

Nairo uses Clerk for authentication and organisation-based access.

Clerk may process information required for sign-in, sign-up, organisation membership, session issuance and related identity workflows.

Typical data involved may include user identity, email address, organisation membership and session-related information.

Google Cloud Storage

Uploaded documents are stored in Google Cloud Storage.

This may include documents uploaded to Library, Projects and supported product surfaces.

Access to stored documents is controlled through Nairo’s application authentication, tenant context and document access model.

Google Document AI

Nairo may use Google Document AI for document extraction or parsing where configured.

When used, document content may be submitted for processing so that Nairo can extract text or structured information needed for downstream review, retrieval or AI-assisted analysis.

Google Gemini and Vertex AI

Nairo currently uses Gemini-family models for generative AI features.

Depending on deployment configuration, model execution may use Gemini API or Vertex AI infrastructure.

Data sent for model processing depends on the product surface and user action. It may include prompts, selected document content, extracted text, chunks, structured values or other relevant context required to generate the requested output.

For more detail, see Model Providers and AI Usage and Human Review.

Embedding providers

Nairo may use embedding models to support retrieval, search and document analysis.

Embedding inputs may include extracted text, chunks or other document-derived content.

The specific embedding provider may depend on deployment configuration. Customers with restrictions on model providers or embedding providers should confirm the configured setup with Nairo before rollout.

Internet search may be available for Assistant conversations where enabled.

When web search is enabled, the search provider may process user search queries and return external search results used as context for the Assistant response.

Internet search should not be assumed to be enabled globally across all product surfaces.

Customers with restrictions on external search or internet-connected AI features should confirm whether web search is enabled for their workspace.

Cloud infrastructure

Nairo runs on cloud infrastructure for application hosting, database, storage, networking and operational services.

Specific infrastructure providers, deployment regions and contractual commitments should be confirmed in the applicable agreement, DPA and security materials.

This page should not be treated as the authoritative source for hosting region, data residency or deployment-specific infrastructure commitments.

Observability and operational tooling

Nairo may use logging, monitoring, debugging and observability tools to operate the service, investigate errors and maintain reliability.

Operational tooling may process metadata, logs, error traces or diagnostic information.

The specific tools used may depend on the deployment and should be confirmed through the contractual subprocessor list.

Surface-specific processing

Subprocessor involvement may differ by product surface.

For example:

  • Assistant may use backend-managed model execution and optional web search where enabled
  • Projects may use backend-managed model execution over uploaded Project materials
  • Insight Table uses backend-managed execution for column review
  • Experts and Actions may use client-side Gemini calls where configured
  • Library may use storage, extraction and retrieval-related processing

Customers should confirm the current execution path for the surfaces they plan to use, especially before uploading sensitive or regulated materials.

What this page is not

This page is an architectural summary for orientation during security review.

It is not:

  • A legally binding subprocessor list
  • A complete list guaranteed to be current
  • A formal subprocessor notification
  • A substitute for the Data Processing Agreement
  • A guarantee of data residency or hosting region
  • A guarantee that every service is used for every customer
  • A replacement for customer procurement, legal or security review

The contractual subprocessor list and DPA should be treated as the authoritative sources.

Getting started

Request the current subprocessor list, DPA and any applicable security materials from your Nairo account team.

Before rollout, confirm:

  • Which model providers are enabled
  • Whether Vertex AI or Gemini API is used
  • Whether web search is enabled
  • Which document processing services are used
  • Which cloud regions apply
  • Which subprocessors are included in the contractual list
  • What notification process applies if subprocessors change