Third-Party Subprocessors & Vendors
Every service that touches your data — what it receives, why, and what it doesn't
Overview
Instafill.ai is not a single system — it relies on third-party cloud infrastructure, AI providers, and services to deliver its functionality. This page is the authoritative list of every vendor that may process data on Instafill's behalf, what category of data each vendor receives, and the scope of that processing.
This list is relevant for GDPR Article 28 compliance (subprocessor disclosure), HIPAA Business Associate Agreement (BAA) evaluation, and general due diligence by security and legal teams. If you are evaluating Instafill for a regulated industry deployment, this page — alongside Compliance & Certifications — is where to start.
AI Providers (Core Processing)
These vendors receive the content of your source documents and form data as part of the AI filling pipeline. This is the category most users have questions about.
OpenAI
Purpose: AI-powered form field filling, field analysis, and data extraction Data received: Extracted source text (from your uploaded documents), form field labels and descriptions, form page screenshots for vision tasks What is NOT sent: Raw uploaded files, payment data, authentication credentials Data retention by vendor: Not retained for training under API terms. OpenAI's API data usage policy applies. Data processing agreement: Available from OpenAI for enterprise customers Region: United States (OpenAI API infrastructure)
Microsoft Azure OpenAI
Purpose: Alternative AI provider for form filling (same capabilities as OpenAI, Azure-hosted) Data received: Same as OpenAI — extracted source text, field context, screenshots Data retention by vendor: Microsoft does not use customer data to train models under Azure OpenAI terms Data processing agreement: Microsoft's standard DPA covers Azure services including Azure OpenAI Region: Configurable per Azure region; EU region available for data residency requirements
Google Gemini
Purpose: Alternative AI provider for specific form filling tasks Data received: Same as OpenAI — extracted source text, field context Data retention by vendor: Not used for training under Gemini API terms Data processing agreement: Available via Google Cloud DPA Region: United States (Gemini API)
Cloud Infrastructure
Microsoft Azure — Blob Storage
Purpose: Primary file storage for uploaded documents and filled PDFs Data received: Encrypted source files (PDFs, Word docs, images) and filled PDF outputs Encryption: All files are AES-256 encrypted by Instafill before upload — Azure receives only ciphertext, not readable document content. Azure's own server-side encryption applies as an additional layer. Region: Instafill's primary Azure region Data processing agreement: Microsoft's standard Azure DPA
Microsoft Azure — Key Vault
Purpose: Storage and management of encryption keys Data received: AES-256 encryption keys (one set per workspace, 5-key rotation) Note: Key Vault stores the keys that encrypt your data — it does not store your actual data Region: Same as Blob Storage region Data processing agreement: Covered under Microsoft Azure DPA
Database
MongoDB Atlas
Purpose: Primary application database — sessions, forms, profiles, users, organizations Data received: All structured application data including encrypted source text, encrypted field values, session metadata, form definitions, user accounts Encryption: Text fields encrypted at application layer (AES-256) before storage. MongoDB Atlas encryption at rest applies as an additional layer. Region: Instafill's configured Atlas cluster region Data processing agreement: MongoDB Atlas DPA available
Authentication & Security Services
Twilio
Purpose: SMS delivery for Two-Factor Authentication (2FA) Data received: User phone number, one-time verification code Data received only when: 2FA is enabled and a login event triggers an SMS code Not received: Document content, form data, source files Data processing agreement: Twilio DPA available
Cloudflare Turnstile
Purpose: CAPTCHA / bot detection on signup and login pages Data received: Browser fingerprint signals (JavaScript challenges) Not received: Document content, account credentials Data processing agreement: Cloudflare DPA available
IPinfo
Purpose: IP address reputation check at signup — blocks cloud/datacenter IPs to prevent abuse Data received: User IP address at the moment of account creation Not received: Document content, form data Data processing agreement: IPinfo privacy policy applies
Document Conversion
Google Drive API
Purpose: Word (.doc, .docx, .docm) to PDF conversion Data received: The Word file bytes uploaded by the user, temporarily, for conversion Retention: The file is uploaded to a service account folder, converted to PDF, and the intermediate file is deleted immediately after conversion. No persistent storage. Data processing agreement: Google Cloud DPA applies to Workspace/API usage
Adobe PDF Services
Purpose: Alternative Word-to-PDF conversion path Data received: Word file bytes, temporarily, for conversion Retention: Processed per-request; Adobe PDF Services API does not retain uploaded documents after conversion per their API terms Data processing agreement: Adobe PDF Services DPA available
Analytics & Observability
Amplitude
Purpose: Product usage analytics — understanding feature adoption and user behavior Data received: User ID (anonymized identifier), event type (e.g., "session_created", "form_filled"), IP address, device type, timestamp Not received: Document content, source text, form field values, filled data Data processing agreement: Amplitude DPA available
LangSmith (by LangChain)
Purpose: AI prompt tracing and quality observability for Instafill's engineering team Data received: Prompt template names, token counts, latency metrics, model identifiers, user ID / workspace ID as trace metadata Not received by default: Source document content or filled field values (full prompt content tracing is configurable and off by default for production) Data processing agreement: LangSmith DPA available
Payments
Stripe
Purpose: Payment processing and subscription management Data received: Billing information (card details, billing address) for subscription purchases Not received: Document content, form data, source files, filled PDFs PCI compliance: Stripe is PCI DSS Level 1 certified. Instafill does not touch or store payment card data — all payment processing is handled directly by Stripe. Data processing agreement: Stripe DPA available
Summary Table
| Vendor | Category | Receives document content? | Receives PII? | DPA available? |
|---|---|---|---|---|
| OpenAI | AI provider | Yes (extracted text) | Potentially (in source docs) | Yes |
| Azure OpenAI | AI provider | Yes (extracted text) | Potentially | Yes (Azure) |
| Google Gemini | AI provider | Yes (extracted text) | Potentially | Yes (GCP) |
| Azure Blob Storage | File storage | Yes (encrypted) | Potentially (encrypted) | Yes (Azure) |
| Azure Key Vault | Key management | Keys only | No | Yes (Azure) |
| MongoDB Atlas | Database | Yes (encrypted) | Yes (encrypted) | Yes |
| Twilio | SMS / 2FA | No | Phone number only | Yes |
| Cloudflare Turnstile | Bot detection | No | No | Yes |
| IPinfo | IP reputation | No | IP address | N/A |
| Google Drive API | Doc conversion | Yes (temp only) | Potentially (temp only) | Yes (GCP) |
| Adobe PDF Services | Doc conversion | Yes (temp only) | Potentially (temp only) | Yes |
| Amplitude | Analytics | No | User ID, IP | Yes |
| LangSmith | AI observability | No (metadata only) | User/workspace ID | Yes |
| Stripe | Payments | No | Billing info only | Yes |
Security & Privacy
Encryption before third-party storage: Files sent to Azure Blob Storage are AES-256 encrypted by Instafill before upload. Azure receives ciphertext. Your encryption keys (stored in Azure Key Vault) are the only way to decrypt — Azure cannot read your file content without Instafill's key management.
Temporary processing: Google Drive API and Adobe PDF Services receive Word files only for the duration of conversion. No persistent storage occurs at these vendors after conversion completes.
AI providers and training: AI providers listed above process your data under API terms that prohibit using API submissions to train models. This is distinct from consumer products (ChatGPT, Gemini chatbot) which may use input for improvement.
Subprocessor changes: When Instafill adds, changes, or removes a subprocessor, this page is updated. Customers subject to GDPR with subprocessor notification obligations in their DPA can contact support to arrange advance notification.
Common Questions
Can I request a Data Processing Agreement (DPA) with Instafill?
Yes. GDPR-regulated organizations that require a DPA with Instafill as a data processor can request one via the sales or support team. The DPA covers Instafill's obligations as a processor, including the list of subprocessors on this page as required by GDPR Article 28.
Schedule a conversation to discuss DPA requirements.
Does any vendor receive my documents unencrypted?
AI providers (OpenAI, Azure OpenAI, Gemini) receive extracted text from your documents — in plain text — as part of the filling prompt. This is necessary for the AI to read and understand your source data.
Azure Blob Storage and MongoDB receive your data encrypted. They cannot read the content without the encryption keys managed in Azure Key Vault.
Google Drive API and Adobe PDF Services receive Word file bytes temporarily for format conversion — these are not retained after conversion.
Is Instafill GDPR-compliant? Who is the data controller?
For GDPR purposes: your organization is the data controller (you decide what data to process and why). Instafill.ai is the data processor (we process it on your behalf per your instructions). The vendors listed on this page are subprocessors.
See Compliance & Certifications for full GDPR, HIPAA, and SOC 2 detail.
What happens to vendor data when I delete my account?
Instafill executes a full data deletion process that covers all application data in MongoDB and Azure Blob Storage. Vendor-side retention depends on each vendor's policies — for example, Stripe retains billing records for their legal obligations, and Amplitude may retain aggregated analytics data per their retention policy. Document content at AI providers is not retained beyond the API request scope and requires no explicit deletion action.