← LastdayLASTDAY

Lastday Subprocessor List

Canonical roster. This list is canonical per Constitution §18 and Trust & Compliance §5. Other governance docs may summarize but should reference this doc for the authoritative roster.

This list identifies third-party vendors used by 1001537887 Ontario Inc. operating as Lastday to provide the Lastday platform.

Effective date of this draft: April 10, 2026

Production application: command.lastdayops.com

Primary customer data store: Supabase Canada Central, ca-central-1

1. Subprocessor Changes

Lastday will provide at least 30 days advance notice before adding a new subprocessor or materially changing the processing performed by an existing subprocessor, unless a shorter period is required for urgent security, continuity, or legal reasons.

Customers may object in writing within 15 days of receiving notice if the objection is based on reasonable data protection concerns. Lastday will work in good faith to address the objection. If the concern cannot be resolved, the customer may terminate the affected service as described in the Data Processing Agreement or applicable order form.

2. Current Subprocessors

| Vendor | Service | Data Processed | Data Location | Legal / Privacy Link | |--------|---------|---------------|---------------|----------------------| | Anthropic | Claude Sonnet 4.6 (claude-sonnet-4-6). Signal processing (Job 1), CVOR vision harness, and fallback for NIM jobs. | Signal text, extracted attachment text, tenant operational context | US | https://privacy.claude.com/en/articles/7996862-how-do-i-view-and-sign-your-data-processing-addendum-dpa | | Anthropic | Claude Opus 4.7 (claude-opus-4-7). Morning brief (Job 4), proof chat (Job 6), carrier maturity (Job 11), and monthly trend. | Aggregated issue summaries, brief context, issue summaries for proof chat, maturity assessment context | US | https://privacy.claude.com/en/articles/7996862-how-do-i-view-and-sign-your-data-processing-addendum-dpa | | NVIDIA | NIM Llama 3.3 70B (meta/llama-3.3-70b-instruct). Relation detection, ghost patterns, onboard research (Jobs 2, 5, 7), market pressure digest, match engine (Jobs 9, 10). Claude fallback if unavailable. | Signal text for relation matching, issue summaries for pattern detection, carrier identity (name, city, province, DOT) for research planning and synthesis | US | https://www.nvidia.com/en-us/agreements/data-processing-addendum/nvidia-cloud-services-data-processing-addendum/ | | Google Cloud (Vertex AI) | Gemini Flash and Gemini Pro. Fallback LLM for Job 1 (signal processing) and Job 4 (morning brief) when Anthropic is unavailable or rate-limited. | Signal content, morning brief context, issue summaries. Same categories as the Anthropic entries. | US (us-central1) | https://cloud.google.com/vertex-ai | | Tavily | Web search for carrier research (Job 7 Deep Research pipeline) | Search queries derived from carrier identity: name, city, province, DOT/MC number. No customer operational data sent. | US | https://tavily.com/privacy | | OpenAI | text-embedding-3-small. Vector embeddings for similarity search | Signal text converted to embeddings | US | https://openai.com/policies/data-processing-addendum/ | | Supabase | Database, auth, storage, edge functions | All platform data, including signals, issues, events, users, attachments, and OAuth tokens | Canada Central | https://supabase.com/legal/dpa | | Vercel | Hosting, serverless functions, cron scheduling | Application requests, request metadata, session-related request handling | US, Canada | https://vercel.com/legal/dpa | | Stripe | Billing and subscription management | Customer billing information, subscription status, payment status, tax and invoice records. No operational signal data. | US | https://stripe.com/legal/dpa | | Resend | Transactional email and inbound email webhook for signal ingestion | Email headers, bodies, attachments for inbound processing; outbound notification email addresses and content | US | https://resend.com/legal/dpa | | Google | Gmail API. OAuth connector for email signal ingestion | OAuth token exchange, Gmail message headers, bodies, and attachments from connected accounts | US | https://developers.google.com/terms/api-services-user-data-policy | | Google | Calendar API. OAuth connector for scheduling signals (audit appointments, DOT inspections, renewals, meetings tied to issues). Separate connection from Gmail so either can be revoked independently. | Calendar list metadata and event summaries/descriptions read via the Calendar v3 API with the calendar.readonly scope. OAuth tokens stored encrypted in the connections table. | US multi-region (Google Cloud) | https://developers.google.com/terms/api-services-user-data-policy | | Intuit | QuickBooks Online OAuth connector. Customer authorizes Lastday to read accounting records to classify accessorial revenue, aging receivables, vendor spend drift, and customer revenue decline signals. | Invoices, bills, customers, vendors, payments, and company info read via the QuickBooks v3 `/query` API. OAuth tokens stored encrypted in the connections table. | US (Intuit primary data centers) | https://www.intuit.com/privacy/ | | Motive | Fleet telematics OAuth connector. Customer authorizes Lastday to read HOS violations, driver performance events, and vehicle diagnostic faults from their Motive account to surface safety and maintenance signals. | HOS violations, driver performance events (including event type, start time, location string, and driver reference), and vehicle diagnostic faults read via the Motive v1 API. OAuth tokens stored encrypted in the connections table. | US (Motive primary data centers) | https://gomotive.com/privacy/ | | Twilio | SMS and voice-related signal ingestion, provisioned but not yet active | SMS body, phone number, call transcript, message metadata if enabled | US | https://www.twilio.com/legal/data-protection-addendum | | Google Workspace | Internal administrative email (jordan@lastdayops.com). Not a processor of customer signal data; listed for completeness. | No customer data. Administrative mail only (founder correspondence, internal operational notices). | US multi-region (Google Cloud) | https://workspace.google.com/terms/dpa_terms.html | | FMCSA QCMobile API | Public US federal motor carrier registry. Queried from `/api/scout/*` and onboard to resolve carrier identity and safety posture. | Carrier identity strings sent out (name, city, DOT); public government data pulled back. No customer operational data. | US federal infrastructure | https://mobile.fmcsa.dot.gov/qc/id/faq (public dataset, no DPA; referenced for completeness) |

3. AI Provider Boundaries

Lastday uses AI subprocessors only for the jobs defined in the Constitution and Octavian architecture:

  • Anthropic Claude Sonnet 4.6: Job 1 (signal processing), plus Claude Sonnet fallback for NIM jobs.
  • Anthropic Claude Opus 4.7: Jobs 4, 6, 11 (morning brief, proof chat, carrier maturity) and Monthly Trend.
  • NVIDIA NIM Llama 3.3 70B (meta/llama-3.3-70b-instruct): Jobs 2, 5, 7, 9, 10, with Claude Sonnet fallback.
  • Google Vertex AI (Gemini Flash / Gemini Pro): fallback LLM for Jobs 1 and 4 when the primary Anthropic provider is unavailable or rate-limited. Same customer data categories as the corresponding Anthropic calls.
  • OpenAI text-embedding-3-small: embeddings utility.
  • Tavily: Job 7 Deep Research web search. No customer operational data sent; only carrier identity strings.

URL fetching for Job 7 Deep Research runs in-process inside the Lastday environment via a homegrown fetcher (Mozilla Readability + jsdom + Turndown). No external fetch service is used. Introduced in Wave 8.1 replacing the prior Jina AI dependency.

Lastday does not authorize any AI provider to train models on customer data.

Lastday does not send customer data to AI providers for cross-tenant analytics, benchmarking, shared embeddings, or anonymized derivative datasets.

4. Connector Boundaries

Each OAuth connector is enabled by the customer, read-only by design, and scoped to a single purpose. OAuth tokens are encrypted at rest in the `connections` table using the Lastday `ENCRYPTION_KEY`. Customers can revoke any connector at any time from the intake Settings panel or from the provider's own authorization dashboard; revocation removes Lastday's ability to read further data and triggers local token invalidation.

  • Google Gmail: `gmail.readonly` scope. Lastday reads inbound message headers, bodies, and attachments for signal classification. Lastday never sends email from the connected account.
  • Google Calendar: `calendar.readonly` scope. Lastday reads calendar list metadata and event summaries to surface scheduling signals. Lastday never creates, modifies, or deletes events in the connected account.
  • Intuit (QuickBooks Online): read-only queries against invoices, bills, customers, vendors, payments, and company info. Lastday never writes back to QuickBooks. Used by vendor drift analysis, customer revenue decline detection, and accessorial crossref in the daily cycle.
  • Motive: read-only fetches of HOS violations, driver performance events, and vehicle diagnostic faults. Lastday never writes to Motive and never reads bulk historical location telemetry beyond the event metadata returned by the Motive v1 API. Polled every 30 minutes by `/api/cron/poll-motive`.
  • Twilio: SMS ingestion only, no outbound messaging from the connected account. Provisioned but not yet active.

Lastday does not use connector data for cross-tenant analytics or shared training. Connector data stays inside the customer's tenant and is subject to the same 12-month retention as every other customer record.

5. Contact

Questions or objections: jordan@lastdayops.com

Change Log

Version 1.4. April 20, 2026. Jordan Layden. Governance Wave 5 reconciliation. Header pin sweep: Constitution cite bumped to v3.14, Trust & Compliance cite bumped to v2.8, Privacy Policy cite bumped to v1.2. Voice exemption clause added citing §25.3(a). Canonical-roster note added at top of subprocessor table per Trust & Compliance §5 recommendation ("other governance docs may summarize but should reference this doc for the authoritative roster"). Added two entries for completeness: Google Workspace (administrative email, no customer data) and FMCSA QCMobile API (public US federal carrier registry, no customer operational data). Jina AI removal from Wave 8.1 already in effect; confirmed no Jina entry in the table. DRAFT status preserved.

Version 1.5. April 24, 2026. Claude Code. Doc reconciliation Wave 3. NIM model version references updated from "NIM Llama 3.1 70B" to "NIM Llama 3.3 70B (meta/llama-3.3-70b-instruct)" in two sites: §2 subprocessor table NVIDIA row, and §3 AI Provider Boundaries. Matches the Wave 1 Constitution v3.15 model migration across Jobs 2, 5, 9, 10 per NVIDIA AI Enterprise Lifecycle Policy notice of July 2026 End of Life for Llama 3.1 70B Instruct. Header pin sweep: Constitution cite bumped to v3.20, Trust & Compliance cite bumped to v2.9. No subprocessor added or removed; Google Vertex AI (Gemini Flash and Gemini Pro, §2 row and §3 AI Provider Boundaries) and Tavily (§2 row and §3) entries confirmed complete. DRAFT status preserved.