Effective date: 14 May 2026 · Last updated: 14 May 2026
This page lists third-party providers that may process personal data for AgentHeaven. Actual use depends on the customer's plan, selected routing mode, connected tools, and billing method.
Important: Self-hosted model routing and local memory/vector storage are operated by AgentHeaven on controlled VPS infrastructure. In that mode, prompts, source content, customer memory/wiki, and vector data are not sent to third-party LLM providers.
| Provider | Service | Data processed | Location / transfer | Use case |
|---|---|---|---|---|
| Hostinger | VPS hosting | Agent runtime, application files, customer-specific logs and memory/wiki where deployed on Hostinger VPS | Hosting region selected by AgentHeaven; EEA preferred where available | Infrastructure for agent hosting and self-hosted components |
| DigitalOcean | VPS/cloud hosting | Agent runtime, application files, customer-specific logs and memory/wiki where deployed on DigitalOcean infrastructure | Hosting region selected by AgentHeaven; EEA preferred where available; safeguards used for non-EEA transfers | Infrastructure for agent hosting and self-hosted components |
| OpenAI | Third-party LLM provider | Prompts, session context, outputs, and limited business context sent when OpenAI routing is selected or needed | May involve non-EEA processing; DPA and transfer safeguards apply | Frontier-model reasoning and generation |
| Anthropic | Third-party LLM provider | Prompts, session context, outputs, and limited business context sent when Anthropic routing is selected or needed | May involve non-EEA processing; DPA and transfer safeguards apply | Frontier-model reasoning and generation |
| Self-hosted open-source models | LLM inference controlled by AgentHeaven | Prompts, session context, outputs, and customer memory/wiki processed on controlled infrastructure | Controlled VPS infrastructure; no third-party LLM provider receives the prompt in this mode | EU-only or private model routing |
| Composio | Tool integration / connector layer | Connected-tool metadata, OAuth flow data, tool-call payloads, and action results depending on enabled integrations | Provider locations and transfer safeguards apply | Connecting agents to customer-approved tools |
| Cal.eu | Booking | Name, email, meeting time, meeting notes, scheduling metadata | Provider locations and transfer safeguards apply | Consultation booking |
| AgentMail | Email / agent mailbox | Email addresses, message content, headers, delivery metadata, agent email activity | Provider locations and transfer safeguards apply | Agent email, service email, support by email |
| Stripe | Card payments and billing | Billing contact data, payment metadata, invoices, transaction records; card data handled by Stripe | May involve non-EEA processing; DPA and transfer safeguards apply | Subscription payments |
| Google Analytics | Website analytics | Device/browser data, page views, approximate location, events, identifiers where enabled | May involve non-EEA processing; consent and transfer safeguards required where applicable | Website analytics, only when enabled after consent |
| Meta Pixel | Advertising attribution | Page views, lead events, browser/device data, advertising identifiers where enabled | May involve non-EEA processing; consent and transfer safeguards required where applicable | Ad measurement, only when enabled after consent |
The following parties act as independent data controllers rather than sub-processors of AgentHeaven, but are listed here for transparency because Customer personal data may flow to them in the course of providing the Service:
AgentHeaven currently uses custom logs and local files for memory/vector storage on controlled VPS infrastructure. These are internal systems rather than third-party sub-processors, but they may contain session data, activity logs, customer memory/wiki, and vectorized representations of customer-specific business context.
We will give active customers at least 30 days' prior notice before a new sub-processor begins processing Customer personal data, except where a faster change is required to address a security risk, legal requirement, or provider outage, in which case notice will be given as soon as reasonably practicable.
Notice is given by email to the billing contact on file and by updating this page (with the new "Last updated" date at the top). Customers who prefer in-line notification can email info@agentheaven.ai with the subject line "Subscribe: sub-processor updates" to be added to a dedicated change-notification list.
Customers may object to a new sub-processor on reasonable data-protection grounds within the 30-day notice period as described in DPA §6.