Ask AI
Skip to main content

NoCode-X Supply Chain

Overview

NoCode-X.com relies on a carefully selected set of suppliers and platforms to deliver a secure, resilient, and compliant service. This page provides transparency on our key supply chain partners, their roles, and how we ensure compliance with data protection and privacy regulations, including the Data Privacy Framework.

1. Google Cloud Platform (GCP)

Role:
GCP provides the core infrastructure and platform-as-a-service (IaaS/PaaS) for NoCode-X. All compute, storage, and networking resources are provisioned and managed by NoCode-X within GCP.

Security & Compliance:
NoCode-X implements industry-standard encryption schemes for data at rest and in transit. Our encryption key management is designed so that keys are not accessible to Google, ensuring strict segregation of multitenancy and robust, out-of-band role-based access controls at the subscription, workspace, and application levels.

Data Privacy Framework:
Google LLC is listed on the Data Privacy Framework List, supporting compliance with GDPR and other international data transfer regulations.

2. Cloudflare Inc. (CDN)

Role:
Cloudflare acts as our Content Delivery Network (CDN), caching and serving only static assets (such as images, scripts, and stylesheets) to end users. No personal or dynamic data is stored on the CDN.

Security & Compliance:
Cloudflare is configured for EU-region breakouts only, ensuring that static content is served from within the EU. The platform is NIST-800 compliant, provides advanced DDoS protection, and is architected for high resilience and availability.

Data Privacy Framework:
Cloudflare, Inc. is listed on the Data Privacy Framework List, supporting lawful data transfers and compliance with GDPR.

3. Let's Encrypt (Certificate Authority)

Role:
Let's Encrypt provides SSL/TLS certificates for both internal and external endpoints, ensuring encrypted communications across all NoCode-X services and customer-facing applications.

GDPR & Regulatory Compliance:
Let's Encrypt does not process personal data as part of its certificate issuance process. Its role is limited to distributing cryptographic trust, which is essential for maintaining the integrity, confidentiality, and availability of our services. This approach aligns with GDPR and other regulatory requirements, as no personal data is processed or stored by Let's Encrypt in the context of NoCode-X operations.

4. AI LLM Processors

Role:
NoCode-X uses AI Large Language Models (LLMs) to generate application logic, user prompts, and test data. These models are not used to process personal data by default.

Customer Responsibility:
If customers choose to process personal data using LLMs, they are responsible for ensuring appropriate contractual and compliance measures with those providers. In such cases, the customer acts as the data controller under GDPR and must ensure all processing activities are lawful and compliant.

Compliance Note:
This distinction is critical for GDPR and other privacy regulations: NoCode-X does not process personal data through LLMs unless explicitly directed by the customer, who retains full control and responsibility.

5. Composio (Optional Integration Runtime)

Overview
Composio is an optional third-party integration and execution layer utilized by NoCode-X to facilitate advanced agentic workflows. It provides a managed infrastructure for connecting AI modules to a wide array of external services and SaaS applications through standardized tool execution and delegated authentication.

Applicability and Deployment
The use of this service is not mandatory for the operation of the NoCode-X platform. It is only engaged when a user specifically activates the agentic module with the "Composio" integration. In the absence of this configuration, no data or requests are routed through the service.

Processing and Data Flow
When active, the service functions as a specialized execution layer. NoCode-X transmits only the specific parameters and connection contexts required to fulfill a user-initiated tool call. This includes:

  • Identifiers for the requested tools and specific action arguments.
  • Delegated authentication context for the target external platforms.
  • Execution results and payload responses from third-party APIs.

Roadmap toward Full Sovereignty
NoCode-X is committed to a roadmap that ensures full sovereignty and data control across the entire feature set. As NoCode-X transitions into full enterprise-scale operations, it is envisioned that this service will be onboarded directly into the platform environment. This path facilitates a self-hosted deployment model, available under our enterprise licensing tier. This transition represents our long-standing vision for a delivery model where all core and extended functionalities, including advanced agentic integrations, are contained within the client's own managed infrastructure.

References