Sub-processors List
Last updated: March 1, 2026
InFlow AI uses the following third-party sub-processors to deliver our services. Each sub-processor has been vetted for security and data protection compliance.
Current Sub-processors
| Sub-processor | Purpose | Location | Data Processed |
|---|---|---|---|
| Supabase (AWS) | Database hosting & authentication | EU (Frankfurt) | All platform data |
| Resend | Email delivery | US | Debtor email addresses, message content |
| Twilio | SMS delivery | US | Debtor phone numbers, message content |
| Meta (WhatsApp) | WhatsApp messaging | US / EU | Debtor phone numbers, message content |
| Stripe | Payment processing | US | Payment card details (tokenized) |
| Vercel | Application hosting | US / EU | Application logs, session data |
| OpenAI | AI classification of debtor replies | US | Reply content (anonymized) |
Data Protection Measures
For each sub-processor:
- We maintain a Data Processing Agreement (DPA) ensuring GDPR and UAE PDPL compliance
- Data transfers to the US are covered by Standard Contractual Clauses (SCCs)
- We conduct annual security reviews of all sub-processors
- We minimize the data shared with each sub-processor to what is strictly necessary
Notification of Changes
We will notify customers at least 30 days in advance before adding or replacing a sub-processor. You may object to a new sub-processor by contacting us within 14 days of notification.
Contact
Questions about our sub-processors? Contact dpo@inflowai.ai.