Subprocessor registry
These are the third-party vendors ("subprocessors") that may process customer data to deliver the DialPhone Service. Every entry is covered by a Data Processing Agreement with DialPhone. 30-day advance notice for any changes.
Last updated: April 22, 2026
Infrastructure
| Vendor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Primary cloud infrastructure, compute, storage, KMS | US, EU |
| Google Cloud Platform | Secondary cloud infrastructure, AI/ML workloads | US, EU |
| Cloudflare | CDN, DDoS protection, WAF, DNS | Global edge |
| Fastly | Secondary CDN | Global edge |
Voice & messaging carriers
| Vendor | Purpose | Location |
|---|---|---|
| Bandwidth | US PSTN termination and origination | US |
| Twilio | International voice and messaging fallback routes | Global |
| Vonage | Secondary PSTN for redundancy | US, EU |
AI / ML providers
| Vendor | Purpose | Location |
|---|---|---|
| Anthropic | Claude models for transcription, summaries, AI SMS drafting | US |
| OpenAI | GPT-family models for conversation intelligence | US |
| Google (Gemini) | Multimodal analysis and classification | US, EU |
| Deepgram | Real-time speech-to-text | US |
Operations
| Vendor | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | US, EU |
| SendGrid (Twilio) | Transactional email delivery | US |
| Zendesk | Customer support ticketing (DialPhone support) | US |
| Salesforce | Internal CRM (not customer data) | US |
| Gong | Internal sales-call intelligence (not customer data) | US |
Security & observability
| Vendor | Purpose | Location |
|---|---|---|
| Datadog | Application performance monitoring, logs, metrics | US |
| Snyk | Dependency and container vulnerability scanning | US |
| HashiCorp Vault | Secrets management (self-hosted) | US |
Subprocessor FAQ
How do I get notified of subprocessor changes?
Subscribe to the subprocessor mailing list via privacy@dialphone.com. 30-day advance notice sent to account admins before any addition or replacement.
Can I object to a subprocessor?
Yes. Objections on reasonable data-protection grounds can be raised within the 30-day window. We discuss remediation; if unresolvable, customer may terminate the affected Service per the DPA.
Where do the subprocessors process data?
Location column indicates primary processing region. US customers: US-only subprocessor routes by default. EU customers: EU residency option routes EU data through EU-located subprocessors where available.
Are subprocessors under BAA for HIPAA customers?
Yes. Every subprocessor that may touch PHI has a signed BAA with DialPhone. The list is a subset of the full registry — request the HIPAA-specific subprocessor list during BAA signing.