Sub-processors
Version 2.0 - Effective 2026-07-08 - Change log
Template document: review by a qualified data-protection lawyer or DPO before commercial reliance. Not legal advice.
Amaigo uses the sub-processors below to provide the Whistle service. Each processes personal data on Amaigo's behalf under a written contract imposing data-protection obligations equivalent to those in our DPA. Amaigo remains fully liable for each sub-processor's performance.
Hosting is EU by default. The only transfer outside the EU and UK is redacted free-text chat content to the AI sub-processor, described in the first row below and assessed in our transfer risk assessment.
Current sub-processors
| Name | Purpose | Personal data involved | Location / region | Transfer mechanism |
|---|---|---|---|---|
| Anthropic | AI processing of chat free text to qualify enquiries and draft responses | Redacted free-text chat content only. Contact and identity data (name, email, phone) is captured through structured fields and is not sent to Anthropic by design. Free text is passed through automated redaction of emails, phone numbers, and long digit runs first. | United States | EU-US Data Privacy Framework and UK Extension (primary, while valid); EU SCCs Module 3 and the UK Addendum executed as automatic fallback |
| Railway | Application hosting and the PostgreSQL database (leads, bookings, consent records) | All service data: contact details, enquiry data, booking details, consent records | EU (Amsterdam) | None required (EU processing) |
| Vercel | Marketing site and serverless functions | Contact-form and site enquiry data | EU (Frankfurt, fra1 region) | None required (EU processing) |
| Cal.com | Appointment availability, booking, and booking confirmation emails | Name, email, phone, booking details | EU | None required (EU processing) |
| Resend or Postmark (EU) | Lead alert emails to the client firm | Lead contact details and enquiry summary contained in alert emails | EU | None required (EU processing) |
| SMS provider | Appointment reminder texts. Applies only if the client enables SMS reminders; disabled by default. | Phone number, appointment time | EU | None required (EU processing) |
| Cloudflare | DNS, WAF, and bot mitigation in front of the service | Traffic metadata only (IP addresses, request headers) passing through the network edge; Cloudflare does not store lead or chat data | Global edge network; EU-relevant safeguards under its data-processing terms | Sub-processor data-processing terms including SCCs where applicable |
AI sub-processor terms
Following the pattern law-firm DPOs ask about first, the AI row in plain terms:
- Training on customer data: No. Anthropic's commercial API terms prohibit training on customer content.
- Retention: short, bounded retention under Anthropic's commercial terms. A zero-data-retention arrangement is on our roadmap and will be reflected here once in place; we do not claim it today.
- Data sent: redacted free text only; no contact or identity data by design.
- Details of the AI pipeline are at /ai-transparency.
Conditional applicability
- The SMS provider processes data only if the client enables SMS reminders in its configuration.
- Cloudflare sees traffic metadata for all deployments but holds no stored lead, booking, or chat data.
Changes to this list
- We give at least 30 days advance notice of any addition or replacement of a sub-processor, by email to each active client's registered contact.
- Prospects, DPOs, and anyone else can subscribe to change notices: email [email protected] with the subject "Subscribe: sub-processor updates".
- The canonical record of changes is the change log.
- Clients may object to a change on reasonable data-protection grounds within the notice window, per the DPA and the Sub-processor Change Notification Policy.
This document is a GDPR-aligned template and must be reviewed by a qualified data-protection lawyer or DPO before commercial reliance. It is not legal advice.