CHATIVOX Subprocessors
Effective: 2026-04-19 — Version: 1.0.0
CHATIVOX uses a small number of third-party services ("subprocessors") to deliver parts of the product. This document lists who they are, what they do, where they operate, and where to find each party's data processing terms.
Controller → Processor → Subprocessor
Our tenants are controllers of their end-visitors' personal data. CHATIVOX is a processor that acts on each tenant's behalf under a written Data Processing Agreement ("DPA"). The parties in the table below are subprocessors engaged by CHATIVOX. We have flow-down DPAs in place with each so that their processing remains bound by equivalent obligations.
When we add a subprocessor or replace one, we bump the MINOR version of the Privacy Policy and of this document, and notify tenants at least 30 days in advance where practicable.
Current subprocessors
| Name | Purpose | Data processed | Region | DPA / terms |
|---|---|---|---|---|
| Railway Corp. | Application hosting — dashboard + API servers and their Postgres/Redis instances | All stored personal data (encrypted at rest) | United States | https://railway.com/legal/dpa |
| Cloudflare, Inc. | Widget delivery via CDN; TLS termination; DDoS protection | Visitor IP + user-agent at the network edge (transit metadata, not content) | Global edge network, operator headquartered in the United States | https://www.cloudflare.com/cloudflare-customer-dpa/ |
| Anthropic, PBC | Claude LLM API — generating chat responses and AI reasoning | Conversation content (pseudonymized where possible) | United States | https://www.anthropic.com/legal/commercial-terms |
| OpenAI, L.L.C. | LLM API (chat completions) and text-embedding API (knowledge-base similarity search) | Conversation content, knowledge-base excerpts | United States | https://openai.com/policies/data-processing-addendum |
| Google LLC | Gemini LLM API — alternative model provider selectable per tenant | Conversation content | United States | https://cloud.google.com/terms/data-processing-addendum |
| Resend, Inc. | Transactional email delivery — password resets, notifications, DSAR magic links | Recipient email address, message body | United States | https://resend.com/legal/dpa |
| Paddle.com Market Ltd. | Merchant of record for tenant subscriptions — payment processing, invoicing, sales-tax compliance | Tenant billing contact, payment method tokens (Paddle-hosted), invoice history | United Kingdom, United States | https://www.paddle.com/legal/data-sharing-addendum |
DPA URLs that are placeholders will be updated when those agreements are executed.
International transfers
All subprocessors listed above include US-based operations. EU/UK personal data transferred to them is covered by the Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum, supplemented by the technical measures described in the Privacy Policy (encryption at rest, TLS in transit, pseudonymization before LLM calls).
External retention
The subprocessors above retain data for their own operational windows independent of CHATIVOX's retention controls. We document what each party retains and the limits of our ability to force deletion on their systems in docs/legal/external-retention.md.
Notification of changes
When this list changes:
- We bump the MINOR version and
effective_datein the frontmatter above. - We notify tenants by email to the primary account contact, at least 30 days before the effective date where practicable.
- Tenants who have a signed DPA and object to a new subprocessor may terminate for convenience within the notice period; otherwise continued use of the service after the effective date constitutes acceptance.
Contact
Questions about this list: privacy@chativox.com