Sub-Processors
Last updated: March 29, 2026
DEX Solutions uses the following third-party sub-processors to help deliver, maintain, and improve our platform. Each sub-processor is contractually bound to protect your data and only processes the minimum information necessary to provide the described service.
| Sub-Processor | Purpose |
|---|---|
| Google (Gemini API) | AI-powered data analysis, natural language query processing, and insight generation |
| MongoDB Atlas (AWS) | Primary database hosting for all platform data |
| Vercel | Application hosting, deployment, and edge network delivery |
| Slack Technologies (Salesforce) | Slack bot integration for querying datasets via Slack |
| Microsoft (Teams) | Microsoft Teams bot integration for querying datasets via Teams |
Guidelines for Sub-Processors
All sub-processors engaged by DEX Solutions must meet the following requirements:
- Data Processing Agreement: Each sub-processor must execute a data processing agreement that imposes data protection obligations no less protective than those in our agreements with customers.
- Minimum necessary access: Sub-processors receive only the data strictly necessary to perform their designated function. No sub-processor has access to the full scope of customer data.
- Encryption: All data transmitted to and from sub-processors must be encrypted in transit (TLS 1.2 or higher). Data stored by sub-processors must be encrypted at rest.
- Tenant isolation: Sub-processors must maintain logical isolation between different customers' data. No data from one institution may be accessible to or commingled with another institution's data.
- No secondary use: Sub-processors may not use customer data for any purpose other than delivering the contracted service. Customer data may not be used for training AI models, analytics, advertising, or any other secondary purpose.
- Incident notification: Sub-processors must notify DEX Solutions of any security incident involving customer data within 72 hours of discovery.
- Data deletion: Upon termination of the sub-processor relationship, or upon request, the sub-processor must delete or return all customer data within 30 days and certify destruction.
- Audit rights: DEX Solutions reserves the right to audit or request evidence of compliance from sub-processors, including SOC 2 reports, penetration test results, or equivalent certifications.
Changes to Sub-Processors
We will update this page when we add or remove sub-processors. For Enterprise plan customers, we provide 30 days advance notice before engaging a new sub-processor, allowing you to review and raise any concerns.
If you have questions about our sub-processors or data processing practices, contact us at privacy@dexai.live.