Subprocessors
Under the GDPR, a sub-processor is any business or contractor customer data that may pass through as a side effect of using Willo's service. This definition is very broad and includes things some might simply consider "hardware", like cloud infrastructure.
Where Customer Personal Data is transferred from the EEA/UK to a third country, Willo relies on (i) the EU–US Data Privacy Framework (DPF) and, where applicable, the UK Extension, and/or (ii) the EU Standard Contractual Clauses (2021/914) (with the UK Addendum for UK data). If a certification lapses or no longer covers the processing, Willo automatically relies on the SCCs + UK Addendum without reducing the level of protection.
We use partners for some business processes that are not core to our expertise but are critical to our customers having a quality experience.
Here is our list of Sub-processors:
| Sub-processor | Purpose | Processing Location |
|---|---|---|
| Amazon AWS | Cloud storage of platform data, including video content. All data is encrypted at rest. | EU & US |
| Firebase | Websockets & Realtime Database for live data refresh. | EU & US |
| Google, Inc | User analytics and reporting with GA4. | EU & US |
| Helpscout | User support ticket system and knowledge-base. | US |
| Hubspot | CRM & customer communications for onboarding, account admin, service notifications and support. | EU & US |
| Kombo | Unified API for selected ATS integrations. | EU |
| New Relic | Performance and availability monitoring. | EU & US |
| Sendgrid | Transactional email communications. | US |
| Sentry | Realtime error logging and reporting. | US |
| Twilio | Transactional SMS communications. | US |
| Yoti | Automated Identity Verification and Right to Work checks. (Optional) | UK & EU |
| Deepgram | Used to transcribe audio in real time. (Optional) | EU |
| OpenAI | GPT API used to integrate advanced AI functions. (Optional) | EU & US |