Ask AI
Skip to main content

NoCode-X Supply Chain

Overview

NoCode-X.com relies on a carefully selected set of suppliers and platforms to deliver a secure, resilient, and compliant service. This page provides transparency on our key supply chain partners, their roles, and how we ensure compliance with data protection and privacy regulations, including the Data Privacy Framework.

1. Google Cloud Platform (GCP)

Role:
GCP provides the core infrastructure and platform-as-a-service (IaaS/PaaS) for NoCode-X. All compute, storage, and networking resources are provisioned and managed by NoCode-X within GCP.

Security & Compliance:
NoCode-X implements industry-standard encryption schemes for data at rest and in transit. Our encryption key management is designed so that keys are not accessible to Google, ensuring strict segregation of multitenancy and robust, out-of-band role-based access controls at the subscription, workspace, and application levels.

Data Privacy Framework:
Google LLC is listed on the Data Privacy Framework List, supporting compliance with GDPR and other international data transfer regulations.

2. Cloudflare Inc. (CDN)

Role:
Cloudflare acts as our Content Delivery Network (CDN), caching and serving only static assets (such as images, scripts, and stylesheets) to end users. No personal or dynamic data is stored on the CDN.

Security & Compliance:
Cloudflare is configured for EU-region breakouts only, ensuring that static content is served from within the EU. The platform is NIST-800 compliant, provides advanced DDoS protection, and is architected for high resilience and availability.

Data Privacy Framework:
Cloudflare, Inc. is listed on the Data Privacy Framework List, supporting lawful data transfers and compliance with GDPR.

3. Let's Encrypt (Certificate Authority)

Role:
Let's Encrypt provides SSL/TLS certificates for both internal and external endpoints, ensuring encrypted communications across all NoCode-X services and customer-facing applications.

GDPR & Regulatory Compliance:
Let's Encrypt does not process personal data as part of its certificate issuance process. Its role is limited to distributing cryptographic trust, which is essential for maintaining the integrity, confidentiality, and availability of our services. This approach aligns with GDPR and other regulatory requirements, as no personal data is processed or stored by Let's Encrypt in the context of NoCode-X operations.

4. AI LLM Processors

Role:
NoCode-X uses AI Large Language Models (LLMs) to generate application logic, user prompts, and test data. These models are not used to process personal data by default.

Customer Responsibility:
If customers choose to process personal data using LLMs, they are responsible for ensuring appropriate contractual and compliance measures with those providers. In such cases, the customer acts as the data controller under GDPR and must ensure all processing activities are lawful and compliant.

Compliance Note:
This distinction is critical for GDPR and other privacy regulations: NoCode-X does not process personal data through LLMs unless explicitly directed by the customer, who retains full control and responsibility.

References