About this directory
A neutral, sourced reference for AI inference compliance — built because no such resource existed.
Why this exists
I built this for myself. As a developer building SaaS products in Germany, every time I evaluated a new AI inference provider I had to answer the same questions: Where does the data go at inference time? Is there a DPA I can actually sign? Does the provider train on my users' inputs? Is there an EU-only routing option?
Those questions don't have a single place to look them up. You end up digging through privacy policies, data processing addenda, and support docs — for every provider, every time. In my corporate job I saw the same friction play out weekly: teams defaulting to expensive enterprise contracts (Azure OpenAI, IBM Watsonx) not because the models were better but because the compliance paperwork was already done.
This directory is the resource I wanted. It presents structured, sourced facts — not a provider's own marketing copy, not a law firm's generic checklist — so you can make a defensible provider selection and move on.
Who built it
I'm Carlo, a software developer based in Germany. I work in enterprise IT and build SaaS products on the side — which means I operate under GDPR daily, from both the engineering and compliance sides of the table.
I don't have a financial relationship with any of the providers listed here. The directory is independent. Compliance metadata reflects publicly verifiable information with source links — if something is wrong or has changed, I want to know.
How data is maintained
Every provider entry is a flat JSON file stored in the public GitHub repository. Each field has a source URL. Every entry shows a "last verified" date so you can judge how fresh the information is before acting on it.
Provider compliance terms change — sometimes quietly. If you spot something outdated or missing, the best thing you can do is open an issue on GitHub. The issue template asks for the specific field that changed and a link to the source document. That keeps updates auditable and reviewable before they go into the directory.
Seen something change?
If a provider has updated their DPA, changed their data residency terms, launched EU-only routing, or anything else relevant to GDPR compliance — please file a GitHub issue. The structured template takes under two minutes and helps keep this resource accurate for everyone.
Open an issue on GitHubA GitHub account is required to submit. You can also browse open issues or review the provider data files directly.
What this is not
- Not legal advice. The directory presents facts, not compliance judgments. Always verify with the provider directly and consult legal counsel before relying on this for procurement decisions.
- Not a paid placement service. No provider has paid to appear here or to influence how their data is presented.
- Not guaranteed to be current. Provider terms change. The "last verified" date on each entry tells you when the information was last confirmed against source documents.