cf0 is built so analysts can put their name on the output. That starts with knowing exactly where data lives and who can touch it.
Storage
| What | Where |
|---|
| Threads, messages, generated reports | Immutable per-org storage, US region |
| User accounts, org membership, roles | Enterprise identity layer with a relational record |
| Uploaded documents | Org-scoped object storage, US region |
| SEC + global filings index | Structured, queryable index |
Threads and reports live as an immutable canonical record, not in a mutable database or codebase. Deletion is immediate from the user’s view; backing storage is purged on the next sync cycle.
Sub-processors
cf0 uses a curated set of sub-processors covering:
- Cloud infrastructure — primary compute, storage, and AI inference, US region
- Identity and access — enterprise authentication and organisation management
- Durable workflow orchestration — long-running ingestion and processing
- Frontend hosting — global edge delivery
- Product analytics — usage telemetry (no thread or report content)
- AI observability — model I/O tracing (content stays inside the platform perimeter)
- Semantic retrieval — vector index for source lookup
- Data feeds — read-only ingest of filings, market data, transcripts, and macro data; do not process customer data
The complete sub-processor list — vendor, role, and data scope per processor — is disclosed under the DPA. Contact filippo@cf0.ai to request it.
Boundaries
- Org isolation — every thread, document, and report is scoped to your organisation. There is no cross-org visibility.
- No training on your data — cf0 never uses customer threads, documents, or reports to train any AI model.
- Inference inside the platform perimeter — AI inference runs inside cf0’s cloud infrastructure; customer data does not leave the platform to reach a model.
Compliance
For regulated workflows, the DPA, or sub-processor disclosure, contact filippo@cf0.ai. Last modified on May 25, 2026