Last updated: 27 March 2026
This is a full record of every tool and service that runs Klai — from infrastructure to the open source libraries our code is built with. Some are sub-processors under GDPR: they handle personal data on your behalf and are covered by our DPA. Others are open source software we run on our own infrastructure, where no data leaves our servers. We note the difference.
The GDPR-specific sub-processor list is at /docs/legal/sub-processors.
Hosting & networking
| Tool | What it does | Location | Sub-processor |
|---|
| Hetzner Online GmbH | German hosting provider. Our servers run in their Finnish data center. Hosts all Klai data. DPA accepted 7 March 2026. See sub-processor detail. | Finland (EU) | Yes |
| Hetzner DNS | DNS provider for getklai.com. Manages DNS records only. No customer data is processed. | Germany (EU) | No |
| Let’s Encrypt | Free, automated TLS certificate authority. Issues our HTTPS certificates via the ACME protocol. No customer data is processed. | USA | No |
| Cloud86 | Dutch hosting and email provider. Manages Klai’s business email and acts as SMTP relay for invitation emails sent by Klai. Processes recipient email addresses in transit. DPA not yet signed. | Netherlands (EU) | Yes |
These run on our own Hetzner servers. No customer data leaves our infrastructure.
| Tool | What it does |
|---|
| Docker | Open source container runtime. All Klai services run as Docker containers on our own infrastructure. |
| Coolify | Open source deployment platform. We use it to manage containers, updates, and services on our own infrastructure. |
| Caddy | Open source reverse proxy and web server. Handles HTTPS termination and routes traffic between internal services. |
| Zitadel | Open source identity provider. Manages user accounts, authentication (OIDC), and access control. Stores account credentials and session data on our own infrastructure. |
| SOPS + age | Open source secrets management. All infrastructure secrets (API keys, passwords) are encrypted with age and stored as SOPS-encrypted files in our private Git repository. |
| Fail2ban | Open source intrusion prevention. Monitors server logs and blocks IP addresses that show signs of abuse. |
Databases & storage
All databases run on our own Hetzner servers. Customer data stays in our infrastructure.
| Tool | What it does |
|---|
| PostgreSQL (with pgvector) | Open source relational database. Stores user accounts, tenant configuration, portal data, and the portal API state. The pgvector extension adds vector search support. |
| MongoDB | Open source document database. Stores chat conversations per tenant. Each tenant has a separate database. |
| Redis | Open source in-memory data store. Used for caching, session management, and message queuing. |
| RabbitMQ | Open source message broker. Used internally by Firecrawl to queue web scraping jobs. |
| Meilisearch | Open source full-text search engine. Indexes chat messages so users can search their conversation history. |
| Qdrant | Open source vector database. Stores document embeddings for semantic search over uploaded documents. |
| FalkorDB | Open source graph database. Stores the knowledge graph used for context-aware retrieval across the knowledge base. Runs on our own infrastructure. |
Monitoring & observability
All monitoring runs on our own infrastructure. Log and metric data stays on our servers.
| Tool | What it does |
|---|
| VictoriaMetrics | Open source time series database. Stores operational metrics (CPU, memory, request rates) with 30-day retention. |
| VictoriaLogs | Open source log storage. Stores container logs with 30-day retention. Logs may contain IP addresses and request metadata. |
| Grafana | Open source monitoring dashboard. Visualises metrics and logs from VictoriaMetrics and VictoriaLogs. Access restricted to Klai staff via authentication. |
| Grafana Alloy | Open source metrics and log collector. Forwards Docker container logs and node metrics to VictoriaMetrics and VictoriaLogs. |
| cAdvisor | Open source container resource monitor. Collects CPU, memory, and network metrics per container. |
| GlitchTip | Open source error tracking (Sentry-compatible). Captures application errors to help us diagnose and fix problems. Runs on our own infrastructure. |
| Uptime Kuma | Open source uptime monitor. Checks whether our services are running and alerts us when they are not. |
| Umami | Open source privacy-friendly website analytics. Cookieless, GDPR-compliant by default. Tracks pageviews and custom events on getklai.com. No personal data is collected. Runs on our own infrastructure. |
AI product
| Tool | What it does |
|---|
| LibreChat | Open source AI chat interface. This is the product interface customers use to interact with AI models. Conversation data is stored on our own infrastructure and does not leave our servers. |
AI inference & models
| Tool | What it does | Location | Sub-processor |
|---|
| LiteLLM | Open source AI gateway. Routes requests between our local models (Ollama) and external inference (Mistral). Runs on our own infrastructure. | Klai infrastructure | No |
| Ollama | Open source software for running language models locally. We use it to serve AI models on our own infrastructure. Nothing leaves our servers. | Klai infrastructure | No |
| Mistral AI SAS | French AI company whose models we use for inference. Receives only the API call content: the query and any uploaded documents. No account data. Not retained. Not used for training. DPA accepted 7 March 2026. See sub-processor detail. | France (EU) | Yes |
| Hugging Face TEI (Text Embeddings Inference) | Open source inference server for embedding models. We run it locally with the BAAI/bge-m3 model to generate vector embeddings from documents. Nothing leaves our servers. | Klai infrastructure | No |
| Infinity | Open source reranking server. We run it locally with the BAAI/bge-reranker-v2-m3 model to rerank search results. Nothing leaves our servers. | Klai infrastructure | No |
| SearXNG | Open source privacy-respecting metasearch engine. Powers web search in the chat interface and the research feature. Runs entirely on our own infrastructure — queries are not sent to commercial search APIs. | Klai infrastructure | No |
| Vexa | Open source meeting bot manager. Enables the meeting transcription feature by joining video calls on behalf of the user. Runs on our own infrastructure. Meeting audio is processed locally via Whisper. | Klai infrastructure | No |
Document & audio processing
These run on our own servers. Uploaded files and audio recordings are processed locally and are never sent to external services.
| Tool | What it does |
|---|
| Whisper | Open source speech-to-text model developed by OpenAI. Powers the transcription feature. Audio is processed entirely on our own infrastructure. |
| docling | Open source document conversion tool. Converts uploaded PDF and DOCX files to text so AI models can read them. Runs on our own infrastructure. |
| Firecrawl | Open source web scraper. When you use web search in the chat interface, Firecrawl fetches and extracts the full text of web pages so the AI model can read them. Runs entirely on our own infrastructure. |
| Tool | What it does | Sub-processor |
|---|
| Fider | Open source feature voting and roadmap software. If you submit a request or vote, your email is stored on our own infrastructure and stays safe with us. | No |
| Twenty | Open source CRM. We use it to manage customer relationships. Runs on our servers. Your contact details stay with us. | No |
Payments
| Tool | What it does | Location | Sub-processor |
|---|
| Moneybird B.V. | Dutch accounting and billing platform. Handles subscriptions, invoicing, and SEPA direct debit. Processes billing contact data including IBAN, KvK, and VAT number. DPA signed 7 March 2026 (v1.2). See sub-processor detail. | Netherlands (EU) | Yes |
Development & source control
| Tool | What it does |
|---|
| GitHub | Source code hosting and CI/CD. Stores Klai’s application code under the GetKlai organisation. No customer data is stored here. |
| Gitea | Open source self-hosted Git service. Used as the backend for the knowledge base — documents you publish via the knowledge base editor are stored here as Git-managed files on our own infrastructure. |
| uv | Open source Python package manager and project tool. Used to manage backend dependencies and virtual environments. |
| ruff | Open source Python linter and formatter. Enforces code style and catches common errors in backend code. |
| pyright | Open source Python type checker developed by Microsoft. Validates type correctness in backend code. |
| pre-commit | Open source git hook framework. Runs ruff, pyright, and pip-audit automatically before each commit. |
| pip-audit | Open source Python dependency vulnerability scanner. Checks for known CVEs in backend dependencies before each commit. |
| Trivy | Open source container security scanner. Scans Docker images for known CVEs during CI/CD and reports results to the GitHub Security tab. No customer data is processed. |
Frontend libraries
The portal and website are built with the following open source libraries.
| Library | What it does |
|---|
| React | Open source UI library. Powers the klai-portal customer interface. |
| Vite | Open source frontend build tool. Bundles and serves the portal frontend. |
| TanStack Router | Open source type-safe client-side router for the portal. |
| TanStack Query | Open source data fetching and caching library for the portal. |
| TanStack Table | Open source headless table library for the portal. |
| Tailwind CSS | Open source utility-first CSS framework. Used across portal and website. |
| Mantine | Open source React component library. Used for UI primitives in the portal. |
| Radix UI | Open source headless UI component library. Used for accessible interactive components in the portal. |
| BlockNote | Open source rich text editor. Powers the knowledge base editor in the portal. |
| Paraglide JS | Open source compiler-based i18n library. Handles Dutch/English translations in the portal with zero runtime overhead. |
| Lucide React | Open source icon library. All icons used in the portal and website come from here. |
| Astro | Open source web framework. Powers the getklai.com website. |
| Keystatic | Open source Git-based CMS. Used to manage website content (blog posts, pages) without a database. |
| Next.js | Open source React framework. Powers the klai-docs documentation site. |
Backend libraries
The portal API (FastAPI, Python) is built with the following open source libraries.
| Library | What it does |
|---|
| FastAPI | Open source Python web framework. The entire klai-portal API is built on it. |
| Uvicorn | Open source ASGI server. Runs the FastAPI application in production. |
| SQLAlchemy | Open source Python ORM. Handles all database queries and schema management. |
| Alembic | Open source database migration tool. Manages PostgreSQL schema changes. |
| Pydantic | Open source data validation library. Validates and serialises all API request and response data. |
| asyncpg | Open source async PostgreSQL driver. Powers database connections from the portal API. |
| cryptography | Open source Python cryptography library. Used for encryption operations in the portal API. |
This document is published under CC BY 4.0. You are free to adapt it for your own organisation. Credit: Klai B.V.