⚠️ DRAFT — pending Florida-licensed counsel review
This document was drafted on 2026-04-26 from primary statutes (FL § 934.03, FL § 501.171/FIPA, CAN-SPAM, TCPA, GDPR Article 28) and industry-standard SaaS templates by a non-attorney. It has not been reviewed by a Florida-licensed attorney and is published here for transparency. Customers signing during the draft period are agreeing to the terms as stated, and we will notify them in writing if material changes occur after counsel review. Questions: legal@aifrontdesk.org.
Sub-processors
Last updated: 2026-04-26 · Version: 2026-04-26
AI FrontDesk uses the third-party providers listed below (each, a Sub-processor) to operate the Service. We have a written data-processing agreement with each Sub-processor that imposes obligations no less protective than those we owe to you under our Data Processing Addendum.
To receive email notification when this list changes, contact privacy@aifrontdesk.org. Your right to object to a new Sub-processor is described in DPA §7.
Production Sub-processors
| Sub-processor | Role | Data processed | Region |
|---|---|---|---|
| Telnyx LLC Chicago, IL, USA | Voice telephony, AI Voice Assistant runtime, SMS (10DLC), knowledge-base storage | Inbound caller phone number, audio recording, transcript, tool-call payloads, SMS message content | United States |
| Anthropic PBC San Francisco, CA, USA | Large-language-model inference for the AI receptionist (only when the assistant's LLM slot is set to anthropic/*; not in use for the default Telnyx native LLM, Kimi-K2.5) | Conversation transcripts and tool-call payloads (transient; Anthropic does not train on API data per its zero-retention contract option) | United States |
| Moonshot AI (via Telnyx) | Default native LLM (moonshotai/Kimi-K2.5) running on Telnyx infrastructure, billed and contracted through Telnyx | Conversation transcripts, transient (no model-training reuse) | United States (Telnyx infrastructure) |
| Deepgram, Inc. San Francisco, CA, USA | Speech-to-text transcription (when the assistant's STT slot is set to a Deepgram model). Currently the Service runs ondistil-whisper and does not call Deepgram in production; the entry is included for completeness. | Audio of inbound calls (transient) | United States |
| Nhost, OÜ Tallinn, Estonia (US-West-2 deployment for AI FrontDesk) | Managed Postgres + Hasura GraphQL + authentication + file storage. Source of truth for tenant-isolated business data. | Business configuration, user identities, calls, bookings, escalations, audit log | United States (us-west-2) |
| Netlify, Inc. San Francisco, CA, USA | Web hosting and serverless function execution for aifrontdesk.org and the API | Request metadata (IP, user-agent, request path), application logs (no Personal Data persisted in logs by design) | United States (global edge) |
| Stripe, Inc. San Francisco, CA, USA | Subscription and metered billing for the AI FrontDesk Service (you, the business owner). Processes your billing data, not caller data. | Business owner contact, payment-method tokenized references (Stripe holds the actual card data; we never see it), subscription plan, invoice history | United States |
| Resend, Inc. San Francisco, CA, USA | Outbound transactional email (welcome series, billing receipts, escalation digests, password resets) | Business owner email address, email body content (which may summarize call activity) | United States (us-east-1) |
| Postmark (Wildbit, LLC) Philadelphia, PA, USA | Outbound transactional email — fallback provider used only if Resend returns a non-2xx response | Same categories as Resend, only on fallback paths | United States |
| ImprovMX (Mailmate Pty Ltd) Brisbane, Australia | Inbound email forwarding for support@, privacy@, and other operational mailboxes at aifrontdesk.org → forwarded to a personal Gmail mailbox owned by us | Email metadata and message body sent by you to us | Multiple (per ImprovMX's own infrastructure) |
| Google LLC Mountain View, CA, USA | Google Calendar integration (when you connect your calendar to receive bookings), Google Workspace (if used for support@ forwarding destination) | Booking date/time/title/attendee/location written into your connected calendar; OAuth refresh token stored encrypted at rest by us | United States (multiple regions) |
| Sentry (Functional Software, Inc.) San Francisco, CA, USA | Application error tracking and crash reporting for the web dashboard, API, and mobile app | Stack traces, request paths, user-agent strings, application state at error time. Personal Data is scrubbed by SDK configuration before transmission where possible; some PII may appear in stack-trace local state and is treated as operational. | United States |
| Apple Inc. / Expo, Inc. Cupertino, CA / Palo Alto, CA, USA | APNS (iOS push notifications) and FCM (Android push notifications) via Expo's push service, used to deliver escalation pings to the owner's mobile device | Device push token (per device, rotated by the OS), notification title and short body | United States |
| GitHub, Inc. San Francisco, CA, USA | Off-platform encrypted disaster-recovery backups (a private repository we own holds nightly database snapshots) | JSON snapshots of every public.* table plusauth.users; encrypted at rest | United States |
Sub-processors used only for AI FrontDesk's own internal operations
The following providers process data about AI FrontDesk (e.g., our own employee accounts, marketing, code hosting). They do not process Caller Personal Data and are listed here for transparency:
- Slack Technologies, LLC — internal alerting and incident-response chat
- Anthropic PBC — internal use of Claude for engineering, support, and content drafting (AI FrontDesk customer data is not entered into Claude by our engineers; this is an internal-tooling listing only)
How to receive notifications
Per DPA §7, we provide at least 30 days' notice before adding or replacing a Sub-processor that processes Caller Personal Data. To opt in to that mailing list, email privacy@aifrontdesk.org with subject line SUBSCRIBE subprocessors.