Subprocessors · 19 vendors · 5 categories
Subprocessors · 19 vendors · 5 categories Subprocessor
registry.
Third-party vendors that may process customer data to deliver the DialPhone Service. Every entry is covered by a Data Processing Agreement with DialPhone. 30-day advance notice for any changes.
Last updated April 22, 2026
Subprocessor transparency is a procurement requirement under both GDPR Article 28 and most enterprise security reviews. The full registry below lists every third-party vendor that may process customer data in the course of delivering DialPhone — including infrastructure (AWS, Google Cloud), AI model providers (Anthropic, OpenAI, Google), email and SMS routing partners, payment processors, observability and security tooling, and authentication providers. Each entry declares the data category, processing region, and applicable transfer mechanism.
Changes follow a published process. Any addition or replacement of a subprocessor is announced 30 days in advance to account admins via the subprocessor mailing list (subscribe via [email protected]) and posted as a visible last-updated date on this page. Customers can object on reasonable data-protection grounds within the 30-day window; objections trigger a discussion of remediation paths and, if unresolvable, allow termination of the affected service per the DPA.
Three sibling pages complete the privacy framework. The privacy commitments page explains the customer-data-handling posture. The DPA is the contractual instrument. The GDPR page covers EU-specific transfer mechanisms (SCCs, UK IDTA, Swiss FADP). For specific subprocessor questions or to request a signed subprocessor list for procurement, email [email protected].
Category
Infrastructure
-
Amazon Web Services (AWS)
US, EUPrimary cloud infrastructure, compute, storage, KMS
-
Google Cloud Platform
US, EUSecondary cloud infrastructure, AI/ML workloads
-
Cloudflare
Global edgeCDN, DDoS protection, WAF, DNS
-
Fastly
Global edgeSecondary CDN
Category
Voice & messaging carriers
-
Bandwidth
USUS PSTN termination and origination
-
Twilio
GlobalInternational voice and messaging fallback routes
-
Vonage
US, EUSecondary PSTN for redundancy
Category
AI / ML providers
-
Anthropic
USClaude models for transcription, summaries, AI SMS drafting
-
OpenAI
USGPT-family models for conversation intelligence
-
Google (Gemini)
US, EUMultimodal analysis and classification
-
Deepgram
USReal-time speech-to-text
Category
Operations
-
Stripe
US, EUPayment processing
-
SendGrid (Twilio)
USTransactional email delivery
-
Zendesk
USCustomer support ticketing (DialPhone support)
-
Salesforce
USInternal CRM (not customer data)
-
Gong
USInternal sales-call intelligence (not customer data)
Category
Security & observability
-
Datadog
USApplication performance monitoring, logs, metrics
-
Snyk
USDependency and container vulnerability scanning
-
HashiCorp Vault
USSecrets management (self-hosted)
Subprocessor FAQ
How do I get notified of subprocessor changes?
Subscribe to the subprocessor mailing list via [email protected]. 30-day advance notice sent to account admins before any addition or replacement. See our privacy commitments for the full data-handling posture.
Can I object to a subprocessor?
Yes. Objections on reasonable data-protection grounds can be raised within the 30-day window. We discuss remediation; if unresolvable, customer may terminate the affected Service per the DPA.
Where do the subprocessors process data?
Location column indicates primary processing region. US customers: US-only subprocessor routes by default. EU customers: EU residency option routes EU data through EU-located subprocessors where available.
Are subprocessors under BAA for HIPAA customers?
Yes. Every subprocessor that may touch PHI has a signed BAA with DialPhone. The list is a subset of the full registry, request the HIPAA-specific subprocessor list during BAA signing.