Trust & transparency

Entity, sub-processors, compliance posture, vulnerability disclosures, and provider availability. Independently verifiable. Updated monthly.

Transparency note

This page lists customer-verifiable information: entity, sub-processors, public status, response headers, and security contacts. Questions: legal@sealink.asia.

Legal entity

SeaLink is operated by a Singapore Pte. Ltd. Customer agreements, billing records, and formal notices use the entity information on this page.

Legal name

SeaLink Pte. Ltd.

ACRA UEN

202635195C

GST number

GST registration pending

Registered office

Singapore

Directors

As registered with ACRA

Established

2026

Once issued, the ACRA UEN is verifiable on BizFile. If GST registration applies, the GST number is verifiable on the IRAS GST Register.

Provider availability

SeaLink publishes product availability for each model provider. Live model state is available on /status and in API response headers.

Provider	Scope	Region	Verify
OpenAI	GPT-5.5 Pro, embedding-3-large, o3-mini	US	View status
Anthropic	Claude family — Opus / Sonnet / Haiku	US	View status
Google DeepMind	Gemini family	US / EU	View status
Meta	Llama family (hosted)	US	View status
Mistral AI	Mistral family	EU	View status
DeepSeek	DeepSeek V4 Flash / V4 Pro	CN	View status
Alibaba (DashScope)	Qwen3 Max / Plus / Turbo	CN / SG	View status
ByteDance (Volcengine Ark)	Doubao 1.5 Pro / Lite	CN	View status
Moonshot	Kimi K2	CN	View status
Zhipu	GLM-4.6 / Flash	CN	View status

Verifiable response headers

Every SeaLink API response includes headers naming the provider that actually served the request; fallback is also marked when it happens.

Header	Example	Meaning
X-SeaLink-Upstream	anthropic	Request served by Anthropic
X-SeaLink-Fallback	false	No fallback triggered; true means the primary provider was unavailable and the request was served by a backup

Verify with curl -i — see /docs/quickstart。

Uptime

Live data is at /status. Each model's status is judged from real traffic success rate (when ≥ 5 calls in 10 min) plus background health checks.

30-day cumulative SLO reports posted to /changelog on the 1st of each month.

Sub-processors

SeaLink uses the third parties below to process customer-related data. Additions are announced here at least 30 days in advance.

Vendor	Purpose	Region
Stripe	Payment processing	US / IE
Cloudflare	CDN, DNS, DDoS protection	Global
Resend	Transactional email	US
Vercel	Frontend hosting	Global edge
Hetzner	Compute (Singapore VPS)	Singapore
Sentry	Error tracking	US / EU

Compliance posture

Singapore PDPA — privacy policy and DPA cover customer data processing
GDPR — SCC support available for EU customers
Singapore GST — shown on invoices and billing records when applicable
Thailand PDPA — assessed for customers with Thailand requirements

Vulnerability disclosures

No valid third-party vulnerability reports yet. When a security incident has a public impact ≥ 30 minutes, the post-mortem appears here and on /changelog.

Found a vulnerability? Email security@sealink.asia, 48-hour response.

Need more?

DPAs, vendor security questionnaires, and billing entity details — email legal@sealink.asia.