See a filled AI vendor disclosure packet before you build your own.
This worked example is fictional, but the packet shape is real: one AI stack, one proposed vendor change, one customer scope decision, and one proof trail that procurement, security, or counsel can review without reconstructing the story from scattered docs.
Use this page to see how the facts can be packaged. The example company, dates, and workflow are fictional and should be adapted to your own agreements and review process.
Use the sample to make the packet concrete.
If you arrived from the procurement flow or the free hub, keep the next step narrow: see the packet shape, then move to the blank template or teardown if needed.
The fictional change
- Company: BeaconFlow AI, a small B2B SaaS team with EU and enterprise customers.
- Current stack already includes OpenAI, Vercel, Supabase, Stripe, PostHog, and Intercom.
- Planned change: add Anthropic as a second model provider for a customer-facing drafting feature.
- Immediate blocker: enterprise buyer asks for one review packet instead of separate answers across procurement, security, and legal threads.
What the packet is doing
- Shows the named AI vendors instead of a vague “third-party providers” summary.
- Separates the changed vendor from the rest of the current stack.
- Maps the change to the customer segment that may need notice.
- Points reviewers to one proof trail so the thread can move forward or escalate cleanly.
1. Packet snapshot
| Company | BeaconFlow AI |
|---|---|
| Product or workflow reviewed | AI drafting assistant for customer-support teams |
| Review owner | Founder and ops lead |
| Packet date | 2026-05-07 |
| Planned effective date | 2026-06-10 |
| Review request source | Enterprise pilot procurement thread |
| Review type | Procurement and security review before launch expansion |
2. Current AI vendor stack
| Vendor | Purpose | Data categories | Region or transfer context | Status |
|---|---|---|---|---|
| OpenAI | Primary model inference for drafting assistant responses | User prompts, generated output, support context snippets | US processing with contractual transfer review | Active |
| Anthropic | Secondary model provider for fallback and high-accuracy workflows | User prompts, generated output, support context snippets | US processing with contractual transfer review | Planned |
| Vercel | Application hosting and deployment | Account identifiers, app traffic metadata | US hosting and delivery | Active |
| Supabase | Application database and auth | Account records, workspace data, auth metadata | US project region under DPA review | Active |
| PostHog | Product analytics and feature usage telemetry | User identifiers, event metadata, workspace IDs | US processing for product analytics | Active |
| Stripe | Billing and payment operations | Billing contact data, subscription metadata | US processing for billing records | Active |
| Intercom | Customer support and in-app help | Support messages, contact details, workspace identifiers | US processing for support workflow | Active |
3. What changed
| Change type | Add Anthropic as a second model provider for fallback routing and enterprise prompt classes. |
|---|---|
| Why the change is happening | Reduce single-provider dependency and improve output reliability for procurement-sensitive accounts. |
| Product area affected | Customer-facing drafting assistant and support summarization workflows. |
| Existing workflow impact | OpenAI remains active; Anthropic is added as an optional inference path rather than replacing the current provider. |
| Data involved | User prompts, generated output, selected support-ticket context, workspace identifiers. |
| Open confirmation items | Final customer segmentation list, exact launch cohort, and whether any customer agreements require a separate notice before activation. |
4. Customer scope and notice logic
| Segment | Accounts or contract class | Agreement version | Notice required? | Notice window | Contact route |
|---|---|---|---|---|---|
| Enterprise EU customers | Signed DPA with explicit subprocessor notice language | 2025 enterprise DPA | Review, likely yes | 30 days before effective use | Named privacy or legal contact plus account owner |
| Standard self-serve customers | Website terms and privacy notice only | Public terms as of 2026-03 | No direct notice planned | Public page refresh before launch | Public subprocessor page and changelog note |
| US enterprise customers without custom DPA language | MSA plus standard privacy addendum | 2025 enterprise addendum | Review | Check account-specific clause | Account owner with legal fallback |
5. Reviewer questions answered fast
Which AI vendors are actually in scope?
OpenAI remains active. Anthropic is the new planned addition. Vercel, Supabase, PostHog, Stripe, and Intercom stay in the packet because reviewers usually want the surrounding operational stack, not only the model name.
Who may need notice first?
EU enterprise accounts on signed DPAs are the first cohort to check because they are the most likely to carry direct notice or objection-window terms tied to subprocessors.
What is still unresolved?
The packet still needs final segment confirmation, the send owner, and the final proof links. That makes the next action explicit instead of hiding it behind vague “legal review pending” language.
6. Proof trail
| Evidence item | Link or location | Owner | Complete? |
|---|---|---|---|
| Current public vendor page | `/privacy/subprocessors` snapshot in internal docs | Ops lead | Yes |
| Updated draft vendor page | Draft page copy with Anthropic row and updated date | Founder | In progress |
| Draft customer notice | NoticeKit AI notice template adapted for enterprise EU cohort | Founder | In progress |
| Archived screenshot or page capture | Pre-change screenshot set in launch ticket | Ops lead | Yes |
| Tracker row or internal ticket | Vendor-change tracker row with send deadline and owner | Ops lead | Yes |
| Security or procurement notes | Enterprise pilot review doc, open questions section | Account owner | Yes |
| Open legal or privacy questions | DPA clause review note for EU enterprise cohort | Counsel | Open |
| Final closeout note | Pending send completion and proof capture | Founder | Open |
7. Decision and next step
Packet is review-ready, not launch-ready.
The stack, change summary, and evidence trail are clear enough for the first procurement pass. The launch still depends on final segment validation and the notice decision for EU enterprise customers.
Finish the notice lane before the effective date.
Name the send owner, adapt the AI notice template for the affected enterprise cohort, and capture the updated public-page screenshot so the packet closes with proof instead of intent.
8. Handoff summary for the review thread
Thread-ready summary
We are reviewing one planned AI vendor addition affecting enterprise customers with signed DPAs. The packet below includes the current stack, the proposed Anthropic addition, the likely notice-sensitive customer cohorts, the effective-date plan, and the proof items still being finalized before activation.
Turn the example into your own packet.
Copy the blank packet, pull the AI stack rows into it, and use the free teardown if you want the shortest possible read on what is still missing.
Want a packet-specific gap read?
Send one live page, one planned AI vendor change, and one affected customer segment. NoticeKit can reply with the clearest missing piece before the review thread gets longer.