Subprocessors

Under the GDPR, a sub-processor is any business or contractor customer data that may pass through as a side effect of using Willo's service. This definition is very broad and includes things some might simply consider "hardware", like cloud infrastructure.

We use partners for some business processes that are not core to our expertise but are critical to our customers having a quality experience. Here is our list of sub-processors:

Supplier	Service	Location	GDPR Role
Aircall	VoIP for user and customer voice communication.	AWS, USA (US West servers in Oregon)	Data processor
Amazon AWS	Cloud storage of platform data, including video content. All data is encrypted at rest.	Varies	Data processor & Data controller
Firebase	Websockets & Realtime Database for live data refresh.	Google Cloud Platform, USA (Central)	Data Controller
Google, Inc	User analytics and reporting with GA4.	Varies	Data Controller
Helpscout	User support ticket system and knowledge-base.	USA (Various locations)	Data processor
Hubspot	CRM for all paying customers communication and proposals.	Google Cloud Platform, EU (Frankfurt, Germany region)	Data processor
Kombo	Unified API for selected ATS integrations.	Google Cloud Platform, EU	Data processor & Data Controller
New Relic	Performance and availability monitoring.	EU	Data processor
Sendgrid	Transactional email communications.	USA (Herndon, VA; Las Vegas, NV; and Chicago, IL)	Data Controller
Sentry	Realtime error logging and reporting.	USA (Iowa)	Data processor
Stripe	Secure Payment processing.	AWS, EU	Data processor & Data controller
Twilio	Transactional SMS communications.	AWS, USA (US East servers in northern Virginia)	Data Controller
Yoti	Automated Identity Verification and Right to Work checks. (Optional)	UK	Data Processor
Deepgram	Used to transcribe audio in real time. (Optional)	USA (West and Midwest region)	Data Processor
OpenAI	GPT API used to integrate advanced AI functions. (Optional)	USA	Data Controller