Third-Party Subprocessors & Vendors
Every service that touches your data - what it receives, why, and what it doesn't
Overview
Instafill.ai depends on third-party cloud infrastructure, AI providers, and supporting services to operate. This page is the complete list of every vendor that may process data on Instafill's behalf - what each vendor receives, why, and what it does not receive.
If you are a security or legal team evaluating Instafill.ai for a regulated industry deployment - healthcare, legal, financial services, or government - this page covers your GDPR Article 28 subprocessor disclosure requirements and provides the information needed to assess HIPAA Business Associate Agreement (BAA) eligibility. Start here, then read HIPAA, GDPR & SOC 2 Compliance for the full compliance picture.
Instafill.ai is used by healthcare organizations automating medical credentialing forms, law firms filling USCIS and client intake forms, and financial teams filling high-volume compliance documents. For those industries, knowing exactly which vendors touch which data is not optional - it is part of the procurement process.
AI Providers (Core Processing)
These vendors receive the content of your source documents and form data as part of the AI filling pipeline. This is the category most security reviewers focus on.
OpenAI
Purpose: AI-powered form field filling, field analysis, and data extraction.
Data received: Extracted source text from your uploaded documents, form field labels and descriptions, form page screenshots for vision tasks.
What is NOT sent: Raw uploaded files, payment data, authentication credentials.
Data retention by vendor: Not retained for training under API terms. OpenAI's API data usage policy applies.
Data processing agreement: Available from OpenAI for enterprise customers.
Region: United States (OpenAI API infrastructure).
For a precise breakdown of what gets sent to AI providers during a fill session - including what is extracted, what stays local, and how the pipeline works - see How Instafill.ai Uses AI Models and Handles Your Data.
Microsoft Azure OpenAI
Purpose: Alternative AI provider for form filling - same capabilities as OpenAI, Azure-hosted.
Data received: Same as OpenAI - extracted source text, field context, screenshots.
Data retention by vendor: Microsoft does not use customer data to train models under Azure OpenAI terms.
Data processing agreement: Microsoft's standard DPA covers Azure services including Azure OpenAI.
Region: Configurable per Azure region; EU region available for data residency requirements.
Google Gemini
Purpose: Alternative AI provider for specific form filling tasks.
Data received: Same as OpenAI - extracted source text, field context.
Data retention by vendor: Not used for training under Gemini API terms.
Data processing agreement: Available via Google Cloud DPA.
Region: United States (Gemini API).
Cloud Infrastructure
Microsoft Azure - Blob Storage
Purpose: Primary file storage for uploaded documents and filled PDFs.
Data received: Encrypted source files (PDFs, Word docs, images) and filled PDF outputs.
Encryption: All files are AES-256 encrypted by Instafill.ai before upload - Azure receives only ciphertext, not readable document content. Azure's own server-side encryption applies as an additional layer.
Region: Texas, USA by default. Other Azure regions available for enterprise data residency requirements.
Data processing agreement: Microsoft's standard Azure DPA.
For full encryption implementation detail including key management and rotation, see Data Encryption & Security.
Microsoft Azure - Key Vault
Purpose: Storage and management of encryption keys.
Data received: AES-256 encryption keys (one set per workspace, 5-key rotation).
Note: Key Vault stores the keys that encrypt your data - it does not store your actual data. Azure cannot read your file content without Instafill's key management layer.
Region: Same as Blob Storage region.
Data processing agreement: Covered under Microsoft Azure DPA.
Database
MongoDB Atlas
Purpose: Primary application database - sessions, forms, profiles, users, organizations.
Data received: All structured application data including encrypted source text, encrypted field values, session metadata, form definitions, and user accounts.
Encryption: Text fields are encrypted at the application layer (AES-256) before storage. MongoDB Atlas encryption at rest applies as an additional layer.
Region: Instafill's configured Atlas cluster region.
Data processing agreement: MongoDB Atlas DPA available.
Authentication & Security Services
Twilio
Purpose: SMS delivery for Two-Factor Authentication (2FA).
Data received: User phone number and one-time verification code - only when 2FA is enabled and a login event triggers an SMS code.
Not received: Document content, form data, source files.
Data processing agreement: Twilio DPA available.
Cloudflare Turnstile
Purpose: CAPTCHA and bot detection on signup and login pages.
Data received: Browser fingerprint signals (JavaScript challenges).
Not received: Document content, account credentials.
Data processing agreement: Cloudflare DPA available.
IPinfo
Purpose: IP address reputation check at signup to block cloud and datacenter IPs that indicate abuse.
Data received: User IP address at the moment of account creation only.
Not received: Document content, form data.
Data processing agreement: IPinfo privacy policy applies.
Document Conversion
Google Drive API
Purpose: Word (.doc, .docx, .docm) to PDF conversion.
Data received: The Word file bytes, temporarily, for conversion only. The file is uploaded to a service account folder, converted to PDF, and the intermediate file is deleted immediately after conversion. No persistent storage.
Data processing agreement: Google Cloud DPA applies.
Adobe PDF Services
Purpose: Alternative Word-to-PDF conversion path.
Data received: Word file bytes, temporarily, for conversion. Adobe PDF Services API does not retain uploaded documents after conversion per their API terms.
Data processing agreement: Adobe PDF Services DPA available.
Analytics & Observability
Amplitude
Purpose: Product usage analytics - understanding feature adoption and user behavior.
Data received: User ID (anonymized identifier), event type (for example, session created or form filled), IP address, device type, timestamp.
Not received: Document content, source text, form field values, filled data.
Data processing agreement: Amplitude DPA available.
LangSmith (by LangChain)
Purpose: AI prompt tracing and quality observability for Instafill's engineering team.
Data received: Prompt template names, token counts, latency metrics, model identifiers, user ID and workspace ID as trace metadata.
Not received by default: Source document content or filled field values. Full prompt content tracing is configurable and off by default for production.
Data processing agreement: LangSmith DPA available.
Payments
Stripe
Purpose: Payment processing and subscription management.
Data received: Billing information (card details, billing address) for subscription purchases.
Not received: Document content, form data, source files, filled PDFs.
PCI compliance: Stripe is PCI DSS Level 1 certified. Instafill.ai does not touch or store payment card data - all payment processing is handled directly by Stripe.
Data processing agreement: Stripe DPA available.
Summary Table
| Vendor | Category | Receives document content? | Receives PII? | DPA available? |
|---|---|---|---|---|
| OpenAI | AI provider | Yes (extracted text) | Potentially (in source docs) | Yes |
| Azure OpenAI | AI provider | Yes (extracted text) | Potentially | Yes (Azure) |
| Google Gemini | AI provider | Yes (extracted text) | Potentially | Yes (GCP) |
| Azure Blob Storage | File storage | Yes (encrypted) | Potentially (encrypted) | Yes (Azure) |
| Azure Key Vault | Key management | Keys only | No | Yes (Azure) |
| MongoDB Atlas | Database | Yes (encrypted) | Yes (encrypted) | Yes |
| Twilio | SMS / 2FA | No | Phone number only | Yes |
| Cloudflare Turnstile | Bot detection | No | No | Yes |
| IPinfo | IP reputation | No | IP address | N/A |
| Google Drive API | Doc conversion | Yes (temp only) | Potentially (temp only) | Yes (GCP) |
| Adobe PDF Services | Doc conversion | Yes (temp only) | Potentially (temp only) | Yes |
| Amplitude | Analytics | No | User ID, IP | Yes |
| LangSmith | AI observability | No (metadata only) | User/workspace ID | Yes |
| Stripe | Payments | No | Billing info only | Yes |
Security Notes
Encryption before third-party storage. Files sent to Azure Blob Storage are AES-256 encrypted by Instafill.ai before upload. Azure receives ciphertext only. Your encryption keys, stored in Azure Key Vault, are the only way to decrypt - Azure cannot read your file content without Instafill's key management.
Temporary processing. Google Drive API and Adobe PDF Services receive Word files only for the duration of conversion. No persistent storage occurs at these vendors after conversion completes.
AI providers and training. All AI providers above process your data under API terms that prohibit using API submissions to train models. This is different from consumer products like ChatGPT or the Gemini chatbot, which may use input for model improvement. API access operates under separate, stricter data handling terms.
Workspace isolation. Each workspace's data is processed in full isolation. No cross-workspace data leaks into AI calls or database queries. See Workspace Data Isolation & Multi-Tenant Security for implementation detail.
Subprocessor changes. When Instafill.ai adds, changes, or removes a subprocessor, this page is updated. Customers subject to GDPR with subprocessor notification obligations in their DPA can contact support to arrange advance notification.
Common Questions
Can I request a Data Processing Agreement (DPA) with Instafill?
Yes. GDPR-regulated organizations that require a DPA with Instafill.ai as a data processor can request one via the sales or support team. The DPA covers Instafill's obligations as a processor, including the subprocessor list on this page as required by GDPR Article 28. Use the contact link at the bottom of this page to get in touch.
Does any vendor receive my documents unencrypted?
AI providers (OpenAI, Azure OpenAI, Gemini) receive extracted text from your documents in plain text as part of the filling prompt. This is necessary for the AI to read your source data and map it to form fields.
What AI providers do not do: retain that text after serving the response, or use it to train models.
Azure Blob Storage and MongoDB receive your data encrypted. They cannot read the content without the encryption keys managed in Azure Key Vault.
Google Drive API and Adobe PDF Services receive Word file bytes temporarily for format conversion. These are not retained after conversion completes.
Is Instafill.ai GDPR-compliant? Who is the data controller?
For GDPR purposes: your organization is the data controller (you decide what data to process and why). Instafill.ai is the data processor (processing it on your behalf per your instructions). The vendors listed on this page are the subprocessors.
Full detail on GDPR data processor obligations, HIPAA BAA eligibility, and SOC 2 status is on the compliance page linked in the Overview above.
What happens to vendor data when I delete my account?
Instafill.ai executes a full data deletion process covering all application data in MongoDB and Azure Blob Storage. Vendor-side retention depends on each vendor's own policies - Stripe retains billing records for their legal obligations, and Amplitude may retain aggregated analytics data per their retention policy. Document content at AI providers is not retained beyond the API request scope and requires no deletion action on your end.
You can configure automatic data deletion and retention windows in Data Retention & Cleanup Management.
Questions about subprocessors or data agreements? Contact our team