🔔 Subscribe to Updates
Receive notifications when we add or change sub-processors. Email privacy@virvell.ai with subject "Sub-processor Updates Subscription"
What are Sub-Processors?
Sub-processors are third-party service providers that Virvell engages to process customer data on our behalf. Under our Data Processing Agreement (DPA), we maintain full transparency about all sub-processors who may have access to your data.
We ensure that all sub-processors:
- Enter into written agreements with data protection obligations substantially similar to our DPA
- Implement appropriate technical and organizational security measures
- Process data only as instructed by Virvell and our customers
- Comply with applicable data protection laws (GDPR, PIPEDA, CCPA, etc.)
Current Sub-Processors
AI Language Services Provider
Core ServiceService Provided: Natural language processing and conversation analysis
Data Processed: Voice transcripts, conversation content, behavioral insights
Location: United States
Purpose: Powering AI-driven conversation analysis and report generation
Security: SOC 2 Type II certified, enterprise-grade encryption
Voice Processing Provider
Core ServiceService Provided: Voice call infrastructure, transcription, and processing
Data Processed: Voice recordings, phone numbers, call metadata
Location: United States
Purpose: Orchestrating voice calls and converting speech to text
Security: SOC 2 Type II certified, encrypted call handling
Stripe, Inc.
PaymentService Provided: Payment processing and subscription management
Data Processed: Payment information, billing addresses, subscription details
Location: United States
Purpose: Processing customer payments and managing subscriptions
Security: PCI DSS Level 1 certified
Privacy Policy: stripe.com/privacy
Salesforce (Heroku)
InfrastructureService Provided: Cloud hosting infrastructure and database management
Data Processed: All customer data stored in the Virvell platform
Location: United States (US region)
Purpose: Hosting the Virvell application and securely storing data
Security: SOC 2 Type II, ISO 27001, GDPR compliant
Privacy Policy: salesforce.com/privacy
Twilio Inc. (SendGrid)
CommunicationService Provided: Transactional email delivery
Data Processed: Email addresses, notification content, delivery metadata
Location: United States
Purpose: Sending automated emails (reports, notifications, alerts)
Security: SOC 2 Type II, ISO 27001 certified
Privacy Policy: twilio.com/privacy
Adding New Sub-Processors
When we engage a new sub-processor, we:
- Notify customers via email at least 30 days before authorization
- Update this page with full details about the new sub-processor
- Provide objection period of 10 business days as outlined in our DPA
- Ensure compliance with the same data protection standards as existing sub-processors
✉️ How to Object to a New Sub-Processor
Enterprise customers have the right to object to new sub-processors for reasonable and explained grounds. To exercise this right:
- Send written objection to privacy@virvell.ai
- Include your reasons for objection
- Submit within 10 business days of receiving notification
We will work in good faith to resolve your concerns or provide alternative service delivery methods.
Data Protection Safeguards
All sub-processors are contractually required to:
- Process data only on Virvell's documented instructions
- Implement appropriate security measures (encryption, access controls, monitoring)
- Assist with data subject rights requests (access, deletion, portability)
- Notify Virvell immediately of any data breaches
- Delete or return data upon termination of services
- Allow audits and inspections of their data processing activities
International Data Transfers
Some sub-processors are located outside your jurisdiction. For transfers from the EU/EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK Addendum for UK GDPR compliance
- Swiss Addendum for Swiss FADP compliance
- Additional safeguards including encryption and data minimization
See our Data Processing Agreement for full details on cross-border transfer mechanisms.
Questions About Sub-Processors?
Contact our privacy team:
- Privacy inquiries: privacy@virvell.ai
- Security questions: security@virvell.ai
- DPA requests: legal@virvell.ai
Related Documents:
Data Processing Agreement |
Privacy Policy |
Security & Compliance