Trust
Subprocessors
Last updated: June 27, 2026
Myellin uses trusted infrastructure and AI service providers to operate the product. Provider use depends on the features a user enables, organization policy, and the API keys configured in the workspace.
Core infrastructure
- Vercel: application hosting and edge delivery. Role: infrastructure processor. Location: global hosting and routing infrastructure based on deployment configuration. Retention: platform logs and deployment records follow Vercel retention settings.
- Supabase: database, authentication, and storage infrastructure. Role: database, auth, and storage processor. Location: configured project region plus supporting infrastructure. Retention: customer content, auth data, and storage objects remain until deleted, retained by policy, or aged out of backups.
- Microsoft 365: business email routing for the Myellin domain. Role: business communications processor. Location and retention follow the Microsoft 365 tenant and service configuration.
Optional AI providers
Optional AI providers receive selected content only when a user starts a workflow that needs that provider, or when an organization policy permits platform-provider fallback. Customer-provided API keys are encrypted in Myellin and sent server-side only to run the requested provider call.
- OpenAI: optional AI inference provider.
- Anthropic: optional AI inference provider.
- Google: optional AI inference provider.
- Moonshot: optional AI inference provider.
- xAI: optional AI inference provider.
- DeepSeek: optional AI inference provider.
AI provider locations and retention are governed by the enabled provider's terms, enterprise configuration, and API-key account settings. Myellin does not claim a provider is globally disabled unless the organization policy or deployment configuration enforces that restriction.
Update process
Myellin updates this page before adding a material new subprocessor for production customer data. Customers can request notification, procurement review, or objection handling by contacting privacy@myellin.com.
Current limitations
Region locking, formal subprocessor change-notice automation, and customer-specific signed subprocessor exhibits are handled through procurement review and are not self-service in the product today.
Questions about subprocessors or enterprise review can be sent to privacy@myellin.com.