Legal

Subprocessors

Last updated: 19 March 2026

Cailos routes your API requests to third-party LLM providers ("subprocessors") based on your routing configuration. The content of your requests is processed by these providers according to their own privacy policies and terms of service.

Before any request reaches a subprocessor, Cailos applies PII shielding (via LLMShield) to detect and cloak personally identifiable information in transit. However, the semantic content of your prompts is visible to the routed provider.

LLM Inference Providers

Your requests may be routed to any of the following providers depending on your model selection, optimisation strategy, and endpoint availability:

Provider Purpose Location Privacy Policy
OpenAILLM inferenceUSLink
AnthropicLLM inferenceUSLink
Google (Gemini)LLM inferenceUSLink
CohereLLM inferenceCALink
GroqLLM inferenceUSLink
Together AILLM inferenceUSLink
DeepInfraLLM inferenceUSLink
ScalewayLLM inferenceFR (EU)Link
CerebrasLLM inferenceUSLink
NCompassLLM inferenceUSLink
NScaleLLM inferenceEULink
InceptionLLM inferenceAELink
OpenRouterLLM inference routingUSLink
Novita AILLM inferenceUSLink
SambaNovaLLM inferenceUSLink
TinfoilLLM inference (secure enclave)USLink
xAILLM inferenceUSLink
BytePlusLLM inferenceSG (AP-Southeast)Link

Infrastructure Providers

Provider Purpose Location
RailwayApplication hosting (web server, Celery workers)US
Neon / PostgreSQLDatabase (account data, request logs, endpoint config)US
Redis (Upstash)Caching (rate limits, circuit breakers, live TPS/latency)US
CloudflareDNS, CDN, DDoS protectionGlobal
AxiomStructured log ingestion and observabilityEU

PII Shielding

Cailos uses LLMShield to detect and cloak PII before requests reach any LLM inference provider. This means personally identifiable information (names, emails, phone numbers, addresses, etc.) is replaced with tokens before transit and restored in the response. The upstream provider never sees the raw PII.

Trust Levels

Each endpoint in Cailos is assigned a trust level (0-3) based on the provider's data handling practices:

0 — LOWNo specific data handling guarantees
1 — STANDARDEncrypted in transit, standard provider terms
2 — HIGHSOC 2 / GDPR compliant, no training on customer data
3 — MAXIMUMSecure enclave, zero-knowledge inference, or on-premise

You can control which trust levels your requests are routed to via the trust_level routing hint.

Changes

We will update this page when subprocessors are added or removed. Material changes will be communicated to account holders via email.

Home Privacy Terms