Subprocessor List

Last Updated: 2024-12-19

Overview

Whispie ("We", "Us", "Our") uses the following third-party processors (subprocessors) to provide our services. This list transparently discloses all subprocessors that process your personal data in accordance with GDPR, CCPA, KVKK, and other data protection regulations.

Subprocessor List

Subprocessor Service Purpose Data Types Processed Location DPA
Stripe, Inc.
Privacy Policy ↗
Payment Processing Credit card payment processing, subscription management
  • Payment information
  • Billing information
  • Contact details
USA Yes
Supabase, Inc.
Privacy Policy ↗
Database, Authentication User data storage, identity management, API services
  • All user data
  • Health data
  • Identity information
  • Application data
USA (AWS) Yes
Twilio, Inc.
Privacy Policy ↗
SMS Verification Phone number verification, two-factor authentication
  • Phone numbers
  • Verification codes
  • IP addresses
USA Yes
Resend
Privacy Policy ↗
Transactional Emails In-app email delivery, notifications
  • Email addresses
  • Email content
  • Contact information
USA No
Sentry
Privacy Policy ↗
Error Tracking & Performance Monitoring Application error monitoring, performance metrics
  • Error logs
  • IP addresses
  • Device information
  • Usage data
USA Yes
Cloudflare, Inc.
Privacy Policy ↗
DNS, CDN, Security Services Website security, content delivery, DNS management
  • IP addresses
  • Traffic data
  • DNS queries
  • Log files
Global Yes
Meta Platforms, Inc.
Privacy Policy ↗
Facebook Ads Marketing, ad measurement, audience targeting
  • Transaction data
  • Device information
  • Usage data
  • Ad interactions
USA Yes
Google LLC
Privacy Policy ↗
Google Analytics Website analytics, user behavior analysis
  • IP addresses
  • Usage data
  • Device information
  • Cookies
USA Yes
ImprovMX
Privacy Policy ↗
Email Forwarding Email forwarding services
  • Email headers
  • Sender information
USA No

Note: DPA (Data Processing Addendum) indicates whether we have a signed data processing agreement with the subprocessor.

Security Safeguards

All our subprocessors maintain high standards for data security and privacy. Contracts with each subprocessor include necessary technical and organizational measures to ensure the security of your data.

🔒 SOC 2 Type II

Security, availability, processing integrity, confidentiality, and privacy controls

🏢 ISO 27001

Information security management system standard

💳 PCI DSS

Payment Card Industry Data Security Standard

🇪🇺 GDPR

General Data Protection Regulation compliance

🏥 HIPAA

Health Insurance Portability and Accountability Act

Data Transfer Mechanisms

Transfers of personal data outside the European Economic Area (EEA) are safeguarded by the following mechanisms:

  • Adequacy Decisions: European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs): EU-approved contractual clauses
  • Binding Corporate Rules (BCRs): Approved corporate rules for international transfers
  • Derogations: Specific exceptions (explicit consent, contract necessity)

Change Notifications

This list is updated periodically. When we add new subprocessors or make changes to existing ones, we will update this page and provide email notification for significant changes.

Contact: For questions about our subprocessors, please contact us at [email protected]

Your Rights

To exercise your rights under GDPR, CCPA, KVKK, and other data protection laws, please contact us at [email protected]. These rights include access, correction, deletion, and objection to data processing.

Regional Specific Rights:

  • EU/UK (GDPR): Right to access, rectification, erasure, restriction, portability, objection
  • California (CCPA/CPRA): Right to know, delete, opt-out of sale, non-discrimination
  • Turkey (KVKK): Right to learn, access, rectification, deletion, objection
  • Other Regions: Similar rights under local data protection laws

Additional Information

For more detailed information about our data processing practices, please refer to our:

  • Privacy Policy
  • Data Processing Addendum
  • Security Policy