Subprocessors

Last updated: May 12, 2026

Subprocessors are third parties that process personal data on our behalf to help us deliver Avaplicity. We only engage subprocessors under written terms that include confidentiality and data protection obligations.

For questions, email privacy@avaplicity.com.

Infrastructure

Vendor	Purpose	Data processed	Location	Links
Vercel	Website hosting and CDN	Website request metadata (including IP address), logs, and basic analytics cookies (if enabled).	See vendor policy	Privacy Subprocessors
Amazon Web Services (AWS)	Application infrastructure (Kubernetes/EKS), object storage (S3), secrets management (Secrets Manager), encryption (KMS)	Hosted application data (encrypted at rest) and operational logs/metrics needed to run the service.	See vendor policy	Privacy

Analytics and Monitoring

Vendor	Purpose	Data processed	Location	Links
PostHog	Website analytics	Pageview and event metadata (device/browser details; IP address per provider defaults).	See vendor policy	Privacy
Sentry	Application error monitoring, crash reporting, release health, and selected performance traces	Operational error and release metadata with sensitive fields scrubbed before export.	See vendor policy	Privacy
Better Stack	Uptime monitoring, heartbeats, private status page, and incident routing	Operational availability metadata, monitor results, and incident-routing metadata.	See vendor policy	Privacy

Feature Flags

Vendor	Purpose	Data processed	Location	Links
LaunchDarkly	Feature flag management and kill switches	Feature flag evaluation data and pseudonymous identifiers.	See vendor policy	Privacy

Authentication and Identity

Vendor	Purpose	Data processed	Location	Links
Firebase Authentication	User authentication	Email address (if used), authentication tokens, and sign-in metadata.	See vendor policy	Privacy

Payments

Vendor	Purpose	Data processed	Location	Links
RevenueCat	Future subscription and entitlement management, if paid plans launch	Purchase receipts, subscription status, and pseudonymous app/user identifiers if paid subscriptions become available.	See vendor policy	Privacy

AI and Telephony

Vendor	Purpose	Data processed	Location	Links
OpenAI	AI inference and live conversation processing	Prompts, call context, transcripts, notes, structured execution context, and other content you provide as part of using the service.	See vendor policy	Privacy
Twilio	Telephony, PSTN origination/termination, callback handling, and carrier lifecycle events	Phone number, call metadata (timestamps, duration, status), call identifiers, and recordings/transcripts only if enabled.	See vendor policy	Privacy

Data Stores

Vendor	Purpose	Data processed	Location	Links
MongoDB Atlas	Primary database	Account data and user content stored in the service (as configured).	See vendor policy	Privacy
Redis (managed)	Cache and locks	Ephemeral cache keys and metadata used to operate the service.	See vendor policy	Redis

Change log

May 12, 2026: Updated the active analytics and monitoring subprocessor list to Sentry and Better Stack.
April 20, 2026: Updated the list for phone-first early access; added Twilio for telephony workflows, removed Cartesia from the active call path, and broadened OpenAI's purpose for live conversation processing.
February 6, 2026: Refreshed the list and removed placeholder entries.