Sikurd uses the third-party services listed below to deliver the platform. These vendors process customer personal data on our behalf as “sub-processors” under Article 28 of the GDPR. We have a Data Processing Agreement (DPA) in place with each vendor.
Customers receive at least 30 days’ written notice before any new sub-processor goes live, per our Data Processing Agreement. Subscribe any address (yours, your DPO’s, procurement’s) below — every notice includes a one-click unsubscribe.
Current sub-processors
| Vendor | Purpose | Data handled | Location & transfer mechanism | DPA |
|---|---|---|---|---|
| Stripe, Inc. | Subscription billing, payment processing, invoicing. | Tenant owner name, billing email, billing address, payment method (tokenized — never seen by Sikurd), invoice history. | United States EU-US Data Privacy Framework participant + Standard Contractual Clauses. | View |
| Twilio SendGrid Inc. | Outbound transactional email (alerts, account, billing, password reset, weekly digests). | Recipient email address, recipient name, email subject + body content. | United States EU-US Data Privacy Framework + Standard Contractual Clauses (Twilio's DPA). | View |
| Anthropic, PBC | AI-generated incident summaries, version-release intelligence, fleet-analysis answers. | Anonymized instance + fleet metadata (FQDN, version, alert types, health and call-volume counts, anonymized top-talker ranks). No customer credentials, no caller phone numbers, no call recordings. | United States Standard Contractual Clauses. Anthropic does not train models on Sikurd's API traffic. | View |
| ElevenLabs, Inc. | Text-to-speech rendering of IVR greetings and queue prompts (AI Voice Studio), and a conversational AI agent that powers the sales chat on the marketing site. | Text the operator submits for synthesis; and, for the sales chat, the messages and voice audio exchanged in a conversation. No PBX call content or stored credentials are sent. | United States Standard Contractual Clauses (ElevenLabs DPA). | View |
| Neon, Inc. | Managed Postgres database — primary data store for all tenant and customer data. | All tenant + user + instance data described in the privacy policy. Encrypted at rest (AES-256-GCM for credential fields; Neon-managed encryption for everything else). | United States (AWS us-east-1). Standard Contractual Clauses. EU-region availability on the Sikurd roadmap pending demand from EU-resident customers. | View |
| Vercel, Inc. | Hosting + edge delivery of the Sikurd web application. | HTTP request/response metadata, session cookies, transient request bodies. No persistent data store — Vercel functions read from Neon. | United States (primary region) with global edge. EU-US Data Privacy Framework participant + Standard Contractual Clauses. | View |
| Railway Corp. | Hosting for the background poll worker (the long-running Node process that polls each 3CX instance + sends alerts). | Same DB connection as Vercel — transient access to tenant + instance data during polling. No separate persistent store on Railway itself. | United States. Standard Contractual Clauses. | View |
| DigitalOcean, LLC | Hosting for the geo-distributed network probe agents that measure call quality (MOS) from multiple regions. | Customer 3CX FQDN (host name only) for TCP probing. No call content, no credentials, no end-user data. | Multiple regions: New York (US), San Francisco (US), Frankfurt (Germany), Singapore, Sydney (Australia). Standard Contractual Clauses. | View |
| Vultr Holdings Corp. | Hosting for the South America probe agent (São Paulo). | Same as DigitalOcean (FQDN only, no content). | Brazil (São Paulo). Standard Contractual Clauses. | View |
| Backblaze, Inc. (B2 Cloud Storage) | Off-site, immutable storage for Sikurd-managed 3CX backups (Object Lock retention for ransomware resilience). | Encrypted 3CX backup archives, stored under a per-tenant prefix. Each archive is encrypted with a per-tenant key before upload; Backblaze never holds the decryption key. | United States. Standard Contractual Clauses. | View |
| Dialora, Inc. | Outbound AI voice-call alerts — places a phone call to the on-call engineer when a critical alert fires and voice alerting is enabled. | On-call recipient phone number (E.164) and name, plus the alert summary (instance name + alert type) read out on the call. Only sent when the operator enables voice-call alerts. | United States. Standard Contractual Clauses. | View |
| Upstash, Inc. | Managed Redis — session cache and background-job queue (BullMQ) for the polling and alerting pipeline. | Session tokens and transient job metadata (tenant, instance, and alert identifiers). No backup content, no call content, no credentials. | United States. Standard Contractual Clauses. | View |
Changelog
- June 16, 2026: Expanded the ElevenLabs entry: beyond text-to-speech for IVR prompts, ElevenLabs now powers the marketing-site sales chat (a conversational AI agent). Conversation messages and voice audio are shared to provide the chat.
- June 8, 2026: Added Backblaze B2 (encrypted managed-backup storage), Dialora (outbound voice-call alerts), and Upstash (Redis session cache + job queue) to reflect every service that touches customer data.
- May 26, 2026: Added DigitalOcean and Vultr (geo-distributed probe agents — Network Quality feature). Customer 3CX FQDN names are sent to these regions for TCP connectivity probing only; no call content or credentials.
- May 19, 2026: Initial publication. Stripe, SendGrid, Anthropic, ElevenLabs, Neon, Vercel, Railway.
Contact
Questions about a specific sub-processor: privacy@sikurd.com. Change notices are self-serve via the subscription form above — privacy@ also works if you prefer to be added by hand.