Approved AI Provider List¶
This is the single source of truth for which AI providers Feoda employees may use, and for which categories of data. Any provider not on this list is not approved for Feoda work.
Status: Draft skeleton — pending evidence collection and ratification under AP-03. Do not rely on this list for production decisions until status is
Approved.
Eligibility Tiers¶
Providers are evaluated against the data classification model in ai-strategy.md Section 8.
| Tier | Data It May Handle | Minimum Provider Requirements |
|---|---|---|
| T1 — Public-only | Public-tier data only | Reasonable terms; no Feoda data of consequence |
| T2 — Internal | Public + Internal | Approved enterprise/business tier; SSO; named-individual accounts |
| T3 — Confidential | Public + Internal + Confidential | T2 + signed DPA; restricted to specific named workflows; full audit logging |
| T4 — Restricted | Public + Internal + Confidential + Restricted | T3 + region-appropriate data residency; legal review per workflow |
| Prohibited | (none — never use this provider for Feoda work) | — |
Approved Providers¶
| Provider | Product / Tier | Approved Tier | DPA Status | SSO Status | Audit Log | Owner | Contract End | Next Review |
|---|---|---|---|---|---|---|---|---|
| (to be populated under AP-03) |
Provisional Candidates (under evaluation)¶
Providers identified for evaluation but not yet approved. They may not be used for any tier above what their evaluation status permits.
| Provider | Product / Tier | Target Tier | Evaluation Status | Notes |
|---|---|---|---|---|
| Anthropic | Claude for Work / Enterprise | T3 (target) | To evaluate | Used in current platform Phase 2 (api/chat.js) |
| Groq | Cloud (free tier) | T1 only | To evaluate | Free tier — Public data only; not for Internal+ |
| OpenAI | ChatGPT Enterprise / Team | T3 (target) | To evaluate | — |
| GitHub | Copilot Business / Enterprise | T3 (target) | To evaluate | — |
Prohibited Tools¶
Examples (illustrative, not exhaustive). Specific named prohibitions are added by the Head of Technology when identified.
- Free / consumer tiers of any AI provider for any data above Public tier
- Personal accounts (paid or free) on any AI provider for any Feoda work
- Browser extensions or unverified third-party tools that route Feoda content to AI providers without explicit approval
- Any provider that retains the right to train on customer inputs in its applicable terms
Process¶
- Adding a provider: Submit evaluation under AP-03. Evidence required for the target tier (DPA, SSO, audit, residency as applicable). Final approval by Head of Technology.
- Removing a provider: Documented reason; migration plan for affected workflows; communication; access disabled.
- Exception use: No exceptions to this list. If a workflow needs a provider not on the list, the provider must be evaluated and added — not bypassed.
- Review cadence: Quarterly. Each entry's
Next Reviewcolumn is updated on review.
Change Log (this document)¶
| Date | Change | Author |
|---|---|---|
| 2026-04-22 | Initial skeleton created. Pending AP-03 evidence collection and ratification. | Head of Technology |