What runs underneath Ediccio. Disclosed.

Ediccio's substrate provides two capabilities (per ADR-0001): an extract capability that turns a raw signal into structured profile observations, and an embed capability that turns text into vectors for similarity search. Each capability is pinnable per tenant; the default composition is shared across all tenants unless they opt out.

The fallback is composed: a FallbackSubstrate wraps the primary and a secondary, and routes to the secondary when the primary returns a TransientSubstrateError. Both substrates are independently qualified against the same golden set (§3 below).

Better substrate is a silent product upgrade. We don't sell it as an SKU axis, we don't expose it on pricing pages, and we don't ask the customer to choose a model. We measure quality, and if a substrate change improves quality, we roll it out without changing the contract.

Tenant data and inference both live in eu-west-1 (Ireland) by default. The Bedrock inference calls use the EU-routed inference profile (eu. prefix); the inference does not leave the EU under the default substrate.

Two non-EU exceptions are AWS-contract-driven and hold no tenant data: Amazon CloudFront (global edge, serves only the marketing site) and AWS Certificate Manager + Route 53 (us-east-1, DNS + cert plane; CloudFront requires its certificate to be in us-east-1). These are disclosed in the sub-processor list and processed under the same AWS DPA umbrella.

A customer on the BYO substrate option (§7) controls the region of their own provider; their region is recorded in the per-tenant DPA addendum.

Every substrate that ships passes the published golden set (30 rows across six dimensions: intent, pain, sentiment, preferences, traditional fields, adversarial). The harness is open-source under Apache 2.0 in the evals/ directory of the public repo; the numbers below are reproducible with make eval-baseline EDICCIO_SUBSTRATE=<name>.

Mistral standalone is below the qualification threshold and is not shipped as a customer-selectable extract substrate. It serves as the secondary inside the fallback composition only; the composed fallback matches the primary's score because Mistral only runs when the primary throws. Under nominal load, Claude carries every request.

The two intent recall misses on bedrock-claude are semantic disagreements between authored golden labels and substrate readings; both are under active review (intent-003, intent-004 in the golden set). Per-dimension F1 is 1.000 for pain, sentiment, preferences, traditional, and adversarial.

Ediccio acts as a processor under Article 28 GDPR (and equivalent provisions of the UK GDPR, Swiss FADP, and analogous frameworks). The customer is the controller; they bring the end_user_id of every subject. The third parties below are sub-processors within the meaning of Art. 28(2) and (4), all of them AWS services, governed by the AWS GDPR Data Processing Addendum incorporated into the AWS Customer Agreement.

AWS does not retain Bedrock prompts or completions for model training or any other secondary use under the AWS Service Terms. Inference for an eu-west-1 caller is served from eu-west-1.

Ediccio commits to give controllers at least 30 days' prior notice of any addition or replacement of a sub-processor, via the contact established in the DPA. The full sub-processor commentary lives in the customer-facing DPA package.

A data-subject erasure is a hard physical delete of the subject's rows from the tenant database, accompanied by a PII-free audit record. There is no crypto-shredding (the bytes are removed) and no soft-delete-then-purge (the operation is atomic). The audit record names the request, the requester role, and a salted hash of the subject identifier, never the subject's identifier itself.

• Erasure SLO. 30 days from the verified request to subject rows no longer reachable in any live store. Active backups are honoured at the next backup-rotation boundary, within the same SLO.
• Backups. 7-day point-in-time recovery + monthly snapshots retained for 12 months. Subject erasures cascade to backups at the rotation boundary.
• Operational logs. CloudWatch retains 90 days; end_user_id is hashed before being written; raw_events.payload content is never logged.
• Bedrock telemetry. AWS does not retain prompts or completions for any secondary use.

DSAR endpoints (POST /v1/dsar/erasure, POST /v1/dsar/export, GET /v1/dsar/{request_id}) are exposed on the Management API. The customer's Consent Management Platform (OneTrust, Transcend, Ketch, or in-house) is the system of record for consent and calls these endpoints from its workflow. We integrate with CMPs; we are not one.

Most disclosures stop at architecture. This one doesn't, because architecture without verification is a guess. Ediccio runs a seven-gate integration-verification stack that asserts the substrate is still producing the quality the datasheet claims, the request gate still enforces tenant isolation, and the DSAR flow still completes end-to-end against live AWS, not mocks.

Cadence. The non-AWS gates run on every push, every pull request, and a weekly cron. The Bedrock-touching gates run locally on the maintainer's machine (~2.5 min, ~$1.55 per run): a deliberate choice not to put AWS credentials in CI before there's a multi- engineer team to govern them.

Audit trail. Green-run history is committed to the public repo under evals/verification-log/. As that history accumulates, the availability target in §7 will be reportable from the log itself, not from an estimate.

Availability and fallback rate are not measurable yet. The verification log needs roughly eight weeks of clean history before the numbers stop being noise. The published target will land in this section once the log can back it; the expected publication window is 2026-08.

The temporary line: we don't have customer traffic and so cannot report production availability. The verification cadence above is the closest proxy until traffic exists.

The substrate is interchangeable by interface (per ADR-0001). A customer who needs to pin a specific provider (for sovereignty, for an existing enterprise contract, for cost reasons) configures the Gateway substrate against any OpenAI-compatible endpoint. The customer's provider becomes the customer's sub-processor, not Ediccio's. Pricing in BYO mode reflects a mechanical, published substrate-cost pass-through (ADR-0001 §5).

The contract is capability-shaped (extract, embed), not provider-shaped. There is no streaming, no tool-calling, no chat surface inside Ediccio's substrate abstraction. Those are deliberate non-features; the boundary is narrow on purpose.

Substrate composition or sub-processor changes are announced to controllers at least 30 days in advance, via the contact established in the DPA. Model-version changes within the disclosed default (Anthropic's Claude moving to a newer Sonnet release, for example) are silent product upgrades unless they change the disclosed default substrate; if they do, the 30-day rule applies.

A dated diff log of substrate-default changes lives under this page as it accumulates.

Related

• ADR-0001: Harness-first positioning + substrate abstraction
• ADR-0002: Aurora PostgreSQL as tenant data plane
• ADR-0003: Async write path: signal → observation → profile
• ADR-0004: Retention and erasure: hard delete + PII-free audit
• Sub-processor list + DPA (available on request)
• The evaluation harness is in the public repo at evals/. Run make eval-baseline to reproduce any number on this page.