AI Service Catalog
Noxys monitors 15+ AI platforms in real-time. This catalog provides detailed information about each service: detection methods, data residency, service metadata, and compliance considerations.
Service Inventory
General-Purpose AI Assistants
ChatGPT (OpenAI)
| Property | Value |
|---|---|
| Platform ID | chatgpt |
| URLs | chat.openai.com, chatgpt.com |
| Detection | URL pattern matching |
| Data Residency | US (OpenAI data centers) |
| Compliance Notes | Not GDPR-safe; requires data processing agreement |
| Status | Actively monitored |
Recommended Policy: Block or Coach on PII and sensitive data
Claude (Anthropic)
| Property | Value |
|---|---|
| Platform ID | claude |
| URLs | claude.ai |
| Detection | URL pattern matching + DOM inspection |
| Data Residency | US (AWS us-east-1) |
| Compliance Notes | US-based; GDPR requires data processing agreement |
| Status | Actively monitored |
Recommended Policy: Block or Coach on PII (especially for EU organizations)
Google Gemini
| Property | Value |
|---|---|
| Platform ID | gemini |
| URLs | gemini.google.com |
| Detection | URL pattern matching |
| Data Residency | US (Google Cloud, multiple regions) |
| Compliance Notes | US-based; GDPR requires Google Cloud data processing agreement |
| Status | Actively monitored |
Recommended Policy: Block or Coach on PII
Microsoft Copilot
| Property | Value |
|---|---|
| Platform ID | copilot |
| URLs | copilot.microsoft.com, copilot.cloud.microsoft.com |
| Detection | URL pattern matching |
| Data Residency | US (Azure, multiple regions) |
| Compliance Notes | Microsoft enterprise agreements may provide EU data residency options |
| Status | Actively monitored |
Recommended Policy: Allow with caution if Azure EU region configured
Specialized/Research Models
DeepSeek
| Property | Value |
|---|---|
| Platform ID | deepseek |
| URLs | chat.deepseek.com |
| Detection | URL pattern matching |
| Data Residency | China (Chinese servers) |
| Compliance Notes | Chinese data handling laws; Chinese government access risk |
| Status | Actively monitored |
Recommended Policy: Block for EU organizations (data sovereignty concern)
Common Policy:
Condition: platform_id eq "deepseek"
Action: Block
Priority: 10
Grok (X AI)
| Property | Value |
|---|---|
| Platform ID | grok |
| URLs | grok.com, x.com (browser-based) |
| Detection | URL pattern matching |
| Data Residency | US (X/Twitter infrastructure) |
| Compliance Notes | US-based; questionable data privacy practices |
| Status | Actively monitored |
Recommended Policy: Restrict to non-sensitive use or Block
Mistral AI
| Property | Value |
|---|---|
| Platform ID | mistral |
| URLs | chat.mistral.ai |
| Detection | URL pattern matching |
| Data Residency | EU (France) |
| Compliance Notes | EU-based; GDPR-friendly; can be used for sensitive work |
| Status | Actively monitored |
Recommended Policy: Allow for EU organizations (especially Finance, Legal)
Perplexity AI
| Property | Value |
|---|---|
| Platform ID | perplexity |
| URLs | perplexity.ai, www.perplexity.ai |
| Detection | URL pattern matching |
| Data Residency | US (US-based startup) |
| Compliance Notes | US-based; startup with evolving privacy policies |
| Status | Actively monitored |
Recommended Policy: Coach on sensitive data
IDE & Code Tools
Cursor
| Property | Value |
|---|---|
| Platform ID | cursor |
| URLs | cursor.com, cursor.sh |
| Detection | Web-based use via browser |
| Data Residency | US (Cursor AI backend) |
| Compliance Notes | Primarily IDE tool; browser access monitored |
| Status | Actively monitored (web only) |
Notes: VS Code plugin support coming in v0.2
Recommended Policy: Allow for code review only; block on documentation/data
Windsurf (Codeium)
| Property | Value |
|---|---|
| Platform ID | windsurf |
| URLs | windsurf.com |
| Detection | Web-based use via browser |
| Data Residency | US (Codeium backend) |
| Compliance Notes | Code completion tool; code sharing concern |
| Status | Actively monitored (web only) |
Recommended Policy: Allow for non-proprietary code; block on company secrets
Chat Aggregators & Platforms
Poe (Quora)
| Property | Value |
|---|---|
| Platform ID | poe |
| URLs | poe.com |
| Detection | URL pattern matching |
| Data Residency | US (Quora infrastructure) |
| Compliance Notes | US-based; routes to multiple backends |
| Status | Actively monitored (beta) |
Recommended Policy: Coach or Block (data passes through Quora servers)
HuggingChat
| Property | Value |
|---|---|
| Platform ID | huggingchat |
| URLs | huggingface.co/chat |
| Detection | URL pattern matching |
| Data Residency | EU (Hugging Face EU servers) |
| Compliance Notes | EU-based; GDPR-compliant; good for sensitive use |
| Status | Actively monitored |
Recommended Policy: Allow for EU organizations; can be trusted for PII discussions
OpenRouter
| Property | Value |
|---|---|
| Platform ID | openrouter |
| URLs | openrouter.ai |
| Detection | URL pattern matching |
| Data Residency | US (OpenRouter aggregator) |
| Compliance Notes | Aggregator; routes to various backends (US, EU, etc.) |
| Status | Actively monitored |
Recommended Policy: Coach on sensitive data (backend varies)
TypingMind
| Property | Value |
|---|---|
| Platform ID | typingmind |
| URLs | typingmind.com, www.typingmind.com |
| Detection | URL pattern matching |
| Data Residency | US (TypingMind proxy) |
| Compliance Notes | Third-party ChatGPT wrapper; proxies data |
| Status | Actively monitored |
Recommended Policy: Block (adds extra data hop through US proxy)
Mammouth AI
| Property | Value |
|---|---|
| Platform ID | mammouth |
| URLs | mammouth.ai |
| Detection | URL pattern matching |
| Data Residency | Unknown (startup) |
| Compliance Notes | Emerging service; data handling unclear |
| Status | Actively monitored |
Recommended Policy: Coach or Block pending vendor assessment
Research & Alternative Models
HuggingFace
| Property | Value |
|---|---|
| Platform ID | huggingchat |
| URLs | huggingface.co/chat |
| Detection | URL pattern matching |
| Data Residency | EU (France) |
| Compliance Notes | Open-source focused; GDPR-friendly |
| Status | Actively monitored |
Recommended Policy: Allow for research and non-sensitive use
Coming Soon (v0.2)
| Service | Platform ID | ETA | Notes |
|---|---|---|---|
| Ollama | ollama | Q2 2026 | Local, private inference |
| GitHub Copilot Chat | github_copilot | Q2 2026 | IDE integration (VS Code, JetBrains) |
| VS Code Copilot | vscode_copilot | Q2 2026 | Built-in copilot |
| Claude (Web) | claude_web | Q1 2026 | Existing; better detection |
| Llama 2 (Meta) | llama | Q3 2026 | Through hosting platforms |
Data Residency Mapping
EU-Safe Services
Can store EU PII (with appropriate safeguards):
| Service | Data Region | Compliance |
|---|---|---|
| Mistral AI | France | GDPR-native |
| HuggingChat | EU | GDPR-native |
| Ollama (local) | On-premise | GDPR-native |
US-Based Services
Require GDPR data processing agreement (DPA):
| Service | Data Region | Risk Level |
|---|---|---|
| ChatGPT | US | High (OpenAI in negotiations) |
| Claude | US | High (no formal EU DPA) |
| Gemini | US | High (Google standard) |
| Copilot | US | Medium (Microsoft EU options) |
Non-EU Services
Avoid for sensitive EU data:
| Service | Data Region | Why |
|---|---|---|
| DeepSeek | China | Foreign jurisdiction, no DPA |
| Grok | US | X/Twitter data practices |
| Perplexity | US | Startup, evolving policies |
Service Detection Method
URL Pattern Matching
Most services are detected via URL patterns:
Platform Detection:
User visits chat.openai.com
↓
Extension matches URL pattern
↓
Identifies as "chatgpt"
↓
Monitors for text input/submission
DOM Inspection
For services with dynamic URLs, DOM inspection supplements URL matching:
Enhanced Detection:
User navigates to claude.ai
↓
Extension checks URL pattern (claude.ai)
↓
Also inspects page title, metadata, elements
↓
Confirms service identity
↓
Starts monitoring
Limitations
Cannot detect:
- Services accessed via VPN / proxy
- Private/self-hosted instances (unless configured separately)
- Mobile apps (browser extension not applicable)
- Desktop applications (IDE plugins coming v0.2)
Custom Service Registration
For self-hosted or internal AI services, register custom platforms:
-
Go to Settings → Custom Services
-
Click + Register Service
-
Enter:
- Service Name: e.g., "Internal LLaMA Instance"
- Detection Method: URL pattern or header-based
- URL Pattern: e.g.,
llm.internal.company.com/* - Data Residency: EU / US / On-Premise
- PII Handling: Safe / Caution / Block
-
Click Save
Example:
Service Name: Internal LLaMA
URL Pattern: internal-ai.acme.com/*
Data Residency: On-Premise
PII Handling: Safe
After registration, policies can reference: platform_id eq "internal_llama"
Service Metadata
What Metadata Is Captured
For every interaction, these service details are recorded:
| Metadata | Example | Use |
|---|---|---|
| Platform ID | chatgpt | Filtering, policy matching |
| Service URL | chat.openai.com/c/abc123 | Audit trail |
| Service Version | Latest (N/A for web) | Compatibility tracking |
| Data Region | US | Compliance reporting |
| Interaction Type | prompt | User action classification |
Service Metadata API
Access service information programmatically:
curl https://api.noxys.cloud/v1/services \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"services": [
{
"id": "chatgpt",
"name": "ChatGPT",
"urls": ["chat.openai.com", "chatgpt.com"],
"data_region": "US",
"active": true
},
...
]
}
Best Practices
1. Know Your Service Residency
Before using a service:
- Check the Data Residency section (above)
- Determine if compliant with your regulations
- Create appropriate policies
Example decision tree:
Handling EU PII?
↓ Yes
EU-native service (Mistral, HuggingChat)?
↓ Yes → Allow
↓ No
↓ Check DPA with vendor
↓ Yes → Allow with restrictions
↓ No → Block
2. Implement Service-Based Policies
Create policies per service risk level:
Tier 1 (Block):
- platform_id eq "deepseek"
Tier 2 (Coach):
- platform_id in ["perplexity", "grok"]
- classification_count gte 1
Tier 3 (Log):
- platform_id in ["chatgpt", "claude"]
- source eq "browser_extension"
3. Departmental Restrictions
Use SSO to restrict high-risk services by department:
Finance & Legal - EU-only:
- department in ["Finance", "Legal"]
- data_region neq "EU"
- Action: Block
Engineering - Allow all:
- department eq "Engineering"
- Action: Log only
4. Monitor Service Usage Trends
In Dashboard → Top Platforms:
- Which services are most used?
- Are shadow AI services emerging?
- Are users circumventing policies? (e.g., using OpenRouter to access ChatGPT)
Example insight: "85% of AI usage is ChatGPT; 10% Gemini; 5% Claude. Mistral is completely unused — training needed?"
Compliance Considerations
EU AI Act Article 10
Transparency on AI system use:
Noxys Capability:
1. Detects which services used
2. Logs in audit trail
3. Generates compliance report
Result: Demonstrates transparency ✓
GDPR Data Transfers
Services outside EU require:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreement (DPA)
- Transfer Impact Assessment (TIA)
Noxys Dashboard → Compliance → Data Transfers:
- Shows all non-EU services in use
- Identifies gap (missing DPA)
- Generates compliance checklist
Vendor Assessment
Document vendor security:
| Service | DPA | Audit | SOC2 | Data Residency |
|---|---|---|---|---|
| ChatGPT | In Negotiation | No | No | US |
| Mistral | ✓ | ✓ | ✓ | EU |
| Claude | No | Limited | ✓ | US |
| Gemini | Standard | ✓ | ✓ | US |
Use Compliance Reports to track and update.
Next Steps
- Policy Configuration — Create service-specific policies
- Architecture Overview — Understand service detection
- Compliance Guide — Regulatory requirements
Need help?
- Email: support@noxys.eu
- Service Update: Check this catalog monthly for new platforms
- Custom Service: Reach out to request integration for your internal AI service