Phone2, Inc. Legal Sub-Processors and Data Protection
Phone2, Inc. Sub-processor List and Data Protection Practices
1. Introduction
Phone2, Inc. ("Phone2," "we," "our," or "us") engages carefully selected third-party service providers ("Sub-Processors") to support the delivery of our services, including our Slack integration and core communications infrastructure. This document discloses those Sub-Processors and explains how we protect customer data when it is processed by these providers.
All Sub-Processors are contractually required to process data solely on our behalf and in accordance with applicable data protection regulations, including GDPR, CCPA, and industry security standards.
2. Definition of Sub-Processors
A "Sub-Processor" is any third-party service provider that Phone2 authorizes to process personal data, infrastructure metadata, or communications-related information on our behalf as part of delivering our services.
3. Current Authorized Sub-Processors
The following entities may process limited customer or usage-related data for the purposes outlined below:
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Microsoft Azure | Cloud hosting and core infrastructure | Encrypted account and authentication data | United States |
| Amazon Web Services (AWS) | Backup and redundancy infrastructure | Encrypted call and messaging metadata (for redundancy) | United States |
| Stripe | Payment processing and subscription billing | Customer identifiers and billing details | United States / EU |
| Slack Technologies | Messaging and internal notification delivery | Workspace identifiers, channel metadata, alert text | United States |
| Google (Firebase / Workspace / Analytics) | Internal tools, analytics, and logging | Crash logs, usage behavior, support-related data | United States |
| Public Switched Telephone Network (PSTN) Providers | Global call and SMS delivery | Phone numbers and routing metadata strictly for transmission | Worldwide (determined by destination) |
4. Data Transfer and Protection Measures
All Sub-Processors are required to implement industry-standard security measures, including:
- Encryption in transit (TLS 1.2 or higher) and encryption at rest.
- Access controls with strict authentication requirements.
- Processing data solely under Phone2's documented instructions.
Where data may be transferred internationally, such transfers are performed in compliance with applicable regulations, including GDPR-approved mechanisms such as Standard Contractual Clauses (SCCs).
5. Updates to This List
We may update this Sub-Processor list from time to time as our infrastructure evolves. When material changes occur, we will post an updated revision date at the top of this page.
6. Contact Information
If you have any questions regarding this Sub-Processor list or our data protection practices, please contact us at:
Phone2, Inc.8 The Green
Dover, DE 19901 USA
Email: hello@phone2.io