Subprocessors · 19 vendors · 5 categories
Subprocessors · 19 vendors · 5 categories Subprocessor
registry.
Third-party vendors that may process customer data to deliver the DialPhone Service. Every entry is covered by a Data Processing Agreement with DialPhone. 30-day advance notice for any changes.
Last updated April 22, 2026
What is a subprocessor?
A subprocessor is a third-party vendor that handles customer data for DialPhone. Examples: the cloud provider that hosts the platform, the carrier that connects voice calls, and the AI provider that powers transcription.
GDPR Article 28 and similar laws set the rules. Every subprocessor signs a written Data Processing Agreement (DPA). Each one must meet the same data-protection standards DialPhone agrees to with customers.
Why DialPhone publishes this registry
Security reviews and GDPR both require this list. The registry below covers every vendor that may touch customer data:
- Infrastructure — AWS, Google Cloud, Cloudflare
- AI model providers — Anthropic, OpenAI, Google
- Voice carriers, email and SMS routing
- Payments, support, security, and monitoring tools
Each entry shows the vendor, what it does, and where it processes data.
How changes work
- Any new or replaced subprocessor is announced 30 days in advance.
- Notices go to account admins. Subscribe via privacy@dialphone.com.
- You can object within the 30-day window on data-protection grounds.
- If an objection cannot be resolved, you may end the affected service under the DPA.
Related pages
- Privacy commitments — how customer data is handled.
- DPA — the contract behind this registry.
- GDPR page — EU transfer mechanisms (SCCs, UK IDTA, Swiss FADP).
Need a signed subprocessor list for procurement? Email legal@dialphone.com.
Category
Infrastructure
-
Amazon Web Services (AWS)
US, EUPrimary cloud infrastructure, compute, storage, KMS
-
Google Cloud Platform
US, EUSecondary cloud infrastructure, AI/ML workloads
-
Cloudflare
Global edgeCDN, DDoS protection, WAF, DNS
-
Fastly
Global edgeSecondary CDN
Category
Voice & messaging carriers
-
Bandwidth
USUS PSTN termination and origination
-
Twilio
GlobalInternational voice and messaging fallback routes
-
Vonage
US, EUSecondary PSTN for redundancy
Category
AI / ML providers
-
Anthropic
USClaude models for transcription, summaries, AI SMS drafting
-
OpenAI
USGPT-family models for conversation intelligence
-
Google (Gemini)
US, EUMultimodal analysis and classification
-
Deepgram
USReal-time speech-to-text
Category
Operations
-
Stripe
US, EUPayment processing
-
SendGrid (Twilio)
USTransactional email delivery
-
Zendesk
USCustomer support ticketing (DialPhone support)
-
Salesforce
USInternal CRM (not customer data)
-
Gong
USInternal sales-call intelligence (not customer data)
Category
Security & observability
-
Datadog
USApplication performance monitoring, logs, metrics
-
Snyk
USDependency and container vulnerability scanning
-
HashiCorp Vault
USSecrets management (self-hosted)
Subprocessor FAQ
What is a subprocessor under GDPR?
A subprocessor is a third-party data processor engaged by DialPhone (the primary processor) to process customer personal data on behalf of the customer (the controller). Under GDPR Article 28, every subprocessor must operate under a written Data Processing Agreement that flows the customer's instructions through DialPhone to the third party. The full chain is: customer → DialPhone → subprocessor. Equivalent definitions apply under CCPA, UK GDPR, Swiss FADP, and Brazil LGPD.
How many subprocessors does DialPhone use?
DialPhone currently engages 19 subprocessors across 5 functional categories: infrastructure, voice and messaging carriers, AI and ML model providers, business operations, and security and observability tooling. The complete registry is on this page above the FAQ. The list is reviewed quarterly and any addition or replacement is announced 30 days in advance.
How do I get notified of subprocessor changes?
Subscribe to the subprocessor mailing list via privacy@dialphone.com. 30-day advance notice is sent to account admins before any addition or replacement. See the privacy commitments page for the full data-handling posture.
Can I object to a new subprocessor?
Yes. Objections on reasonable data-protection grounds can be raised within the 30-day notice window. DialPhone will discuss remediation paths; if the objection cannot be resolved, the customer may terminate the affected Service per the DPA without penalty. Objections must be sent in writing to legal@dialphone.com and reference the announced change.
Where do DialPhone subprocessors process data?
The "Location" column on each subprocessor entry indicates the primary processing region. US customers: US-only subprocessor routes by default. EU customers: the EU data residency option routes EU customer data through EU-located subprocessors where available; cross-border transfers use Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and Swiss FADP equivalents as applicable.
Are subprocessors under a BAA for HIPAA customers?
Yes. Every subprocessor that may touch Protected Health Information (PHI) has a signed Business Associate Agreement (BAA) with DialPhone. The HIPAA-applicable subset is a strict subset of the full registry. Request the signed HIPAA-specific subprocessor list during your BAA execution by emailing legal@dialphone.com.
How often is the subprocessor list updated?
The registry is reviewed quarterly and updated whenever a subprocessor is added, replaced, or removed. The last full review was conducted on April 22, 2026. All changes follow the 30-day advance-notice process; no subprocessor is engaged retroactively.
What happens to my data if DialPhone replaces a subprocessor?
When a subprocessor is replaced, customer data held by the outgoing subprocessor is either migrated to the new subprocessor under continuous DPA coverage or securely destroyed per the outgoing DPA's exit clauses (typically 30-90 days post-replacement). DialPhone publishes the replacement date and the data-handling plan on this page and via the mailing list.