Subprocessors
Under the GDPR, a sub-processor is any business or contractor customer data that may pass through as a side effect of using Willo's service. This definition is very broad and includes things some might simply consider "hardware", like cloud infrastructure.
Where Customer Personal Data is transferred from the EEA/UK to a third country, Willo relies on (i) the EU–US Data Privacy Framework (DPF) and, where applicable, the UK Extension, and/or (ii) the EU Standard Contractual Clauses (2021/914) (with the UK Addendum for UK data). If a certification lapses or no longer covers the processing, Willo automatically relies on the SCCs + UK Addendum without reducing the level of protection.
We use partners for some business processes that are not core to our expertise but are critical to our customers and candidates having a quality experience.
Here is our list of Sub-processors:
| Sub-processor | Purpose | Processing Location |
|---|---|---|
| Amazon AWS | Cloud hosting / IaxaS |
EU & US (depending on Service configuration) |
| Anthropic | AI processing for Willo Insights (where enabled), including job blueprint analysis, candidate fit scoring, and assistive insights and summarisation outputs via Claude API | US |
| Firebase | App backend (auth, analytics, storage) |
EU & US (depending on Service configuration) |
| Cloud Employee | Software development services - engineering and product development. | Philippines |
| Newsoft | Software development services - engineering and product development. | Ukraine |
| Google, Inc | Productivity/collaboration for service support (email, docs/drive) incl. customer comms, incidents, admin. | EU & US |
| Helpscout | Helpdesk/ticketing for customer support, incident handling, and DSAR intake. | US |
| Hubspot | CRM & customer communications for onboarding, account admin, service notifications and support. | EU & US |
| Kombo | Unified HR API (integrations) | EU |
| New Relic | Application performance monitoring/observability for service operations (metrics, traces, availability). | EU & US |
| Sendgrid | Email delivery | US |
| Sentry | Error/performance monitoring for reliability (event/error capture, performance traces). | US |
| Twilio | Transactional SMS communications. | US |
| Yoti | Identity verification | UK & EU |
| Deepgram | (Where enabled) Speech-to-text AI | EU |
| OpenAI | (Where enabled) AI text summarisation (API/ChatGPT) | EU & US |