Subprocessors & Trust

Last updated: 2 July 2026. We give account owners 30 days' email/console notice before adding a subprocessor that will process customer content, with a right to object on reasonable grounds (Terms §10).

Subprocessors that may process customer content (calls, transcripts, bookings)

ProviderRoleData touchedProcessing location*
Google Cloud PlatformPrimary hosting (compute, storage)All service dataIndia (asia-south1)
LiveKit CloudReal-time call media (WebRTC/SIP)Live call audio, call metadataIndia region (expanding per-region with launches)
DeepgramSpeech-to-textLive call audio → textUS
GroqLLM inference (primary)Conversation textUS
AnthropicLLM inference (fallback)Conversation textUS
CartesiaText-to-speechReply text → audioUS
NeonPostgres (dev/qa/prod cloud envs)Tenant data in those envsSingapore/US per env
UpstashRedis (rate limits, counters)Phone-number hashes, countersSingapore/US per env
FreJunTelephony carrier (India +91)Call signalling/media, phone numbersIndia
TwilioTelephony carrier (international)Call signalling/media, phone numbersUS/global

Configured-but-optional (active only when the feature is enabled): Resend or SMTP provider (transactional email), Meta (WhatsApp Business Cloud API) and MSG91 (SMS, India DLT), Razorpay / Stripe (payments — they hold card/UPI data; we never do), Cloudflare (Turnstile bot protection on public forms).

Ancillary vendors that do not process patient content: GitHub (source code), Docker Hub (build artifacts).

*Locations reflect current configuration and provider disclosures; regional hosting options will update this table. AI providers are used via API configurations/tiers whose terms exclude training on submitted data.

Security measures (summary)

Requesting our DPA / security questionnaire

A signable DPA (with EU SCCs / UK Addendum) and completed security questionnaires are available to customers and serious evaluators: [LEGAL EMAIL].