senexCH
  1. § 00 Mosaic Theory AI
  2. § 02 Use cases
  3. § 03 Compliance
  4. § 04 The market
  5. § 05 Tiers & pricing
  6. § 06 Founder
  7. § 07 FAQ
Book a demo →
51.5074° N, 0.1278° W · LDN
46.2331° N, 7.3606° E · SIR
§ Legal — Sub-processors senex.ch

Sub-processors

Effective date: 29 May 2026
Version: 0.4 — Cloudflare-only pilot publish candidate
Product: Mosaic Theory AI

This page explains the third-party providers that Senex Intelligence Ltd (Senex) uses to process Customer Data for Mosaic Theory AI.

1. Current default posture

Cloudflare is Senex's core infrastructure provider and the sole Approved Sub-processor for the default locked pilot and Entry-tier configuration.

Senex configures Customer Content storage and other persistent data stores for European Union jurisdiction where supported by the relevant Cloudflare service and confirmed in Senex's technical configuration.

This is not a blanket European-Union-only processing claim. Cloudflare edge compute, artificial-intelligence inference, vector search, queues, logs, analytics, operational metadata, support, and administrative processing may be subject to Cloudflare's global network, service-specific regional controls, and documented exceptions. Unless an Order Form expressly states otherwise, Senex does not represent that every Cloudflare processing operation, metadata item, log, inference operation, or vector-search operation occurs only in the European Union.

2. Approved Sub-processor

Sub-processor Purpose Location and regional posture Customer Data processed Status
Cloudflare Core application infrastructure, edge compute, Workers AI inference, databases, object storage, vector search-index infrastructure, key-value storage, queues, Durable Objects, security controls, analytics/logging, and audit-log storage Cloudflare global network with service-specific regional controls. Senex configures Customer Content storage, audit archives, D1 control-plane data, the consolidation-scheduler Durable Object, and worker-log storage for European Union jurisdiction where supported and confirmed. Other processing, including edge compute, artificial-intelligence inference, vector search, key-value storage, queues, Durable Object compute other than that consolidation scheduler, analytics, support, administrative processing, and operational metadata, may be global or subject to documented service-specific exceptions. Customer Content, extracted text, derived search data, prompts, questions, retrieved passages, Outputs, user/account data, audit and security logs, operational metadata, and support data where applicable Approved for the Cloudflare-only default configuration

3. Cloudflare service-by-service map

Cloudflare service Mosaic Theory AI usage Current publication position
R2 object storage Customer documents and immutable audit archives European Union-jurisdiction buckets where supported and confirmed. Audit bucket uses write-once retention controls.
D1 Per-tenant control plane, settings, audit index, billing and metadata European Union-jurisdiction databases where supported and confirmed. Workers may still access a jurisdiction-constrained database from Cloudflare's global network.
Workers Gateway and per-tenant application compute Global edge network unless a separate Order Form expressly states and configures a narrower commitment.
Workers AI Query embeddings and answer generation in the default Cloudflare-only configuration Cloudflare service-specific/global processing. Not represented as European-Union-only.
Vectorize Per-tenant vector search Cloudflare service-specific/global processing. Not represented as European-Union-only.
KV Transient cache and state Cloudflare service-specific/global processing. Not represented as European-Union-only.
Queues Asynchronous ingest dispatch Cloudflare service-specific/global processing. Queue messages are intended to contain operational metadata, such as tenant identifiers, document identifiers, and job state, not raw Customer Content.
Durable Objects and container hosts Scheduling, debounce state, and transient document-processing hosts The consolidation-scheduler Durable Object is configured for the European Union jurisdiction (a Cloudflare jurisdiction-restricted Durable Object namespace); transient document-processing container hosts use Cloudflare service-specific/global processing unless separately configured and agreed. Scheduler state is intended to contain operational metadata. Certain transient document-processing components may process Customer Content temporarily but are not intended to persist it.
Logpush to R2 Worker logs R2-backed worker-log storage is configured for European Union jurisdiction where supported and confirmed, but log generation, analytics, support, and administrative handling may be service-specific or global.

4. Not approved or enabled by default

The following providers are not approved for the Cloudflare-only default configuration unless separately authorised under the customer agreement, Data Processing Agreement, product setting, or Order Form.

Provider Potential purpose Status
Anthropic BYOK Customer-enabled answer generation using Customer's own Anthropic account and application programming interface key Not enabled by default. Customer must expressly authorise transmission to Anthropic, accept Anthropic's commercial and data-processing terms, and assess transfer consequences before use.
Anthropic platform key Senex-appointed artificial-intelligence model provider using a Senex-held Anthropic account or key Not approved by default. Would be treated as a conditional Senex Sub-processor requiring separate customer authorisation and transfer safeguards.
Modal Labs Optional document conversion or transient processing Not approved by default. Requires separate customer authorisation and transfer safeguards before use.
cloudscale.ch or another Swiss-sovereign hosting provider Future Enterprise-tier hosting and compute substrate Not active for the default Entry tier. Enterprise-specific terms require separate review before first Enterprise customer signature.
OpenAI or Google artificial-intelligence services Artificial-intelligence model processing Not used for Customer Data unless Customer expressly authorises the provider in writing or through an agreed product setting.

5. New or replacement Sub-processors

Senex will notify Customers at least 30 days before appointing a new or replacement Approved Sub-processor, unless shorter notice is reasonably necessary to maintain the security, availability, or continuity of the Service.

Customers may object to a new or replacement Approved Sub-processor on reasonable data-protection grounds by notifying Senex within 15 days after receiving notice. The parties will work in good faith to resolve the objection.

6. Contact

Questions about sub-processors or data-processing terms can be sent to hello@senex.ch.