Draft - pending counsel review. This document captures the structure and factual claims of our final legal text. The exact wording will be provided by outside counsel before we accept any paid contract. Questions to legal@metrux.ai.

Sub-processors

Last updated: 2026-05-06

This page lists vendors that process Customer or Candidate personal data on our behalf. We notify Customers at least 30 days in advance before adding or replacing a sub-processor, per the Data Processing Addendum.

| Vendor | Purpose | Region | Data |
| --- | --- | --- | --- |
| Amazon Web Services (AWS) | Cloud hosting: compute, database, storage, KMS. | us-east-1 (United States) | All Customer + Candidate data at rest and in transit. |
| Clerk | Identity + authentication (password, MFA, session management). | United States | Email, name, hashed password material, session metadata. Session-cookie value is our own (issued after Clerk JWT handoff); Clerk does not see session artifacts. |
| Resend | Transactional email (invite delivery, account notifications). | United States | Recipient email, message body (invite link + company context). Not used for marketing. |
| Sentry | Error tracking + performance monitoring (opt-in per environment). | United States | Error stack traces with request bodies + headers REDACTED by beforeSend. No session artifacts, no candidate code. Disabled in environments where SENTRY_DSN is unset. |

Anthropic (BYOK co-processor)

Customers bring their own Anthropic API key (the “BYOK” model) and contract with Anthropic directly. The Customer is the data controller of its Anthropic usage; Metrux is not a sub-processor between the two. We disclose the relationship here so Candidates and Customers can make an informed decision about what flows through Anthropic during a session.

What flows through Anthropic. When a Candidate uses the Claude integration, prompts (Candidate messages, system prompts, code excerpts the Candidate pastes) and Claude's responses transit Anthropic's API. The Customer's Anthropic API key is presented on each request. Metrux records prompt and response metadata (token counts, model version, latency, hashes of message content for audit) for scoring; the plaintext bodies are not persisted by Metrux beyond the active session and are not shared with any other party.

Anthropic's retention. Anthropic states (per its API Terms in effect as of 2026-05-06) that API request and response data is retained for up to 30 days for abuse-detection purposes and is not used to train Anthropic's models unless the Customer opts in to data sharing on its own Anthropic account. Verification of current terms is the Customer's responsibility under the BYOK model. Refer directly to Anthropic's privacy and data-usage documentation for authoritative detail.

Key handling on our side. Metrux wraps the API key under its own KMS-backed KEY_ENCRYPTION_KEY, holds the plaintext only in memory inside the per-session sandbox proxy, and clears it on session disconnect or grading completion. The key is never written to disk in plaintext, never logged, and never appears in any artefact retained outside the session.

Change history

  • 2026-04-24: initial publication (AWS, Clerk, Resend, Sentry).
  • 2026-05-06: Anthropic BYOK co-processor section expanded with data-flow + retention disclosure (audit follow-up).

Questions: legal@metrux.ai.