Phone2, Inc. Sub-processor List and Data Protection Practices

1. Introduction

Phone2, Inc. ("Phone2," "we," "our," or "us") engages carefully selected third-party service providers ("Sub-Processors") to support the delivery of our services, including our Slack integration and core communications infrastructure. This document discloses those Sub-Processors and explains how we protect customer data when it is processed by these providers.

All Sub-Processors are contractually required to process data solely on our behalf and in accordance with applicable data protection regulations, including GDPR, CCPA, and industry security standards.

2. Definition of Sub-Processors

A "Sub-Processor" is any third-party service provider that Phone2 authorizes to process personal data, infrastructure metadata, or communications-related information on our behalf as part of delivering our services.

3. Current Authorized Sub-Processors

The following entities may process limited customer or usage-related data for the purposes outlined below:

Sub-Processor	Purpose	Data Processed	Location
Microsoft Azure	Cloud hosting and core infrastructure	Encrypted account and authentication data	United States
Amazon Web Services (AWS)	Backup and redundancy infrastructure	Encrypted call and messaging metadata (for redundancy)	United States
Stripe	Payment processing and subscription billing	Customer identifiers and billing details	United States / EU
Slack Technologies	Messaging and internal notification delivery	Workspace identifiers, channel metadata, alert text	United States
Google (Firebase / Workspace / Analytics)	Internal tools, analytics, and logging	Crash logs, usage behavior, support-related data	United States
Public Switched Telephone Network (PSTN) Providers	Global call and SMS delivery	Phone numbers and routing metadata strictly for transmission	Worldwide (determined by destination)

4. Data Transfer and Protection Measures

All Sub-Processors are required to implement industry-standard security measures, including:

Encryption in transit (TLS 1.2 or higher) and encryption at rest.
Access controls with strict authentication requirements.
Processing data solely under Phone2's documented instructions.

Where data may be transferred internationally, such transfers are performed in compliance with applicable regulations, including GDPR-approved mechanisms such as Standard Contractual Clauses (SCCs).

5. Updates to This List

We may update this Sub-Processor list from time to time as our infrastructure evolves. When material changes occur, we will post an updated revision date at the top of this page.

6. Contact Information

If you have any questions regarding this Sub-Processor list or our data protection practices, please contact us at:

Phone2, Inc.
8 The Green
Dover, DE 19901 USA
Email: hello@phone2.io

Phone2, Inc. Sub-processor List and Data Protection Practices

1. Introduction

2. Definition of Sub-Processors

3. Current Authorized Sub-Processors

The following entities may process limited customer or usage-related data for the purposes outlined below:

Sub-Processor	Purpose	Data Processed	Location
Microsoft Azure	Cloud hosting and core infrastructure	Encrypted account and authentication data	United States
Amazon Web Services (AWS)	Backup and redundancy infrastructure	Encrypted call and messaging metadata (for redundancy)	United States
Stripe	Payment processing and subscription billing	Customer identifiers and billing details	United States / EU
Slack Technologies	Messaging and internal notification delivery	Workspace identifiers, channel metadata, alert text	United States
Google (Firebase / Workspace / Analytics)	Internal tools, analytics, and logging	Crash logs, usage behavior, support-related data	United States
Public Switched Telephone Network (PSTN) Providers	Global call and SMS delivery	Phone numbers and routing metadata strictly for transmission	Worldwide (determined by destination)

4. Data Transfer and Protection Measures

All Sub-Processors are required to implement industry-standard security measures, including:

Encryption in transit (TLS 1.2 or higher) and encryption at rest.
Access controls with strict authentication requirements.
Processing data solely under Phone2's documented instructions.

Where data may be transferred internationally, such transfers are performed in compliance with applicable regulations, including GDPR-approved mechanisms such as Standard Contractual Clauses (SCCs).

5. Updates to This List

We may update this Sub-Processor list from time to time as our infrastructure evolves. When material changes occur, we will post an updated revision date at the top of this page.

6. Contact Information

If you have any questions regarding this Sub-Processor list or our data protection practices, please contact us at:

Phone2, Inc.
8 The Green
Dover, DE 19901 USA
Email: hello@phone2.io

Phone2, Inc. Legal Sub-Processors and Data Protection

1. Introduction

2. Definition of Sub-Processors

3. Current Authorized Sub-Processors

4. Data Transfer and Protection Measures

5. Updates to This List

6. Contact Information

Phone2, Inc. Legal Sub-Processors and Data Protection

1. Introduction

2. Definition of Sub-Processors

3. Current Authorized Sub-Processors

4. Data Transfer and Protection Measures

5. Updates to This List

6. Contact Information