Legal

Sub-processors

The third-party services Sikurd uses to operate the platform, and what data each one handles.

Sikurd uses the third-party services listed below to deliver the platform. These vendors process customer personal data on our behalf as “sub-processors” under Article 28 of the GDPR. We have a Data Processing Agreement (DPA) in place with each vendor.

Customers receive at least 30 days’ written notice before any new sub-processor goes live, per our Data Processing Agreement. Subscribe any address (yours, your DPO’s, procurement’s) below — every notice includes a one-click unsubscribe.

Current sub-processors

VendorPurposeData handledLocation & transfer mechanismDPA
Stripe, Inc.Subscription billing, payment processing, invoicing.Tenant owner name, billing email, billing address, payment method (tokenized — never seen by Sikurd), invoice history.
United States
EU-US Data Privacy Framework participant + Standard Contractual Clauses.
View
Twilio SendGrid Inc.Outbound transactional email (alerts, account, billing, password reset, weekly digests).Recipient email address, recipient name, email subject + body content.
United States
EU-US Data Privacy Framework + Standard Contractual Clauses (Twilio's DPA).
View
Anthropic, PBCAI-generated incident summaries, version-release intelligence, fleet-analysis answers.Anonymized instance + fleet metadata (FQDN, version, alert types, health and call-volume counts, anonymized top-talker ranks). No customer credentials, no caller phone numbers, no call recordings.
United States
Standard Contractual Clauses. Anthropic does not train models on Sikurd's API traffic.
View
ElevenLabs, Inc.Text-to-speech rendering of IVR greetings and queue prompts (AI Voice Studio), and a conversational AI agent that powers the sales chat on the marketing site.Text the operator submits for synthesis; and, for the sales chat, the messages and voice audio exchanged in a conversation. No PBX call content or stored credentials are sent.
United States
Standard Contractual Clauses (ElevenLabs DPA).
View
Neon, Inc.Managed Postgres database — primary data store for all tenant and customer data.All tenant + user + instance data described in the privacy policy. Encrypted at rest (AES-256-GCM for credential fields; Neon-managed encryption for everything else).
United States (AWS us-east-1).
Standard Contractual Clauses. EU-region availability on the Sikurd roadmap pending demand from EU-resident customers.
View
Vercel, Inc.Hosting + edge delivery of the Sikurd web application.HTTP request/response metadata, session cookies, transient request bodies. No persistent data store — Vercel functions read from Neon.
United States (primary region) with global edge.
EU-US Data Privacy Framework participant + Standard Contractual Clauses.
View
Railway Corp.Hosting for the background poll worker (the long-running Node process that polls each 3CX instance + sends alerts).Same DB connection as Vercel — transient access to tenant + instance data during polling. No separate persistent store on Railway itself.
United States.
Standard Contractual Clauses.
View
DigitalOcean, LLCHosting for the geo-distributed network probe agents that measure call quality (MOS) from multiple regions.Customer 3CX FQDN (host name only) for TCP probing. No call content, no credentials, no end-user data.
Multiple regions: New York (US), San Francisco (US), Frankfurt (Germany), Singapore, Sydney (Australia).
Standard Contractual Clauses.
View
Vultr Holdings Corp.Hosting for the South America probe agent (São Paulo).Same as DigitalOcean (FQDN only, no content).
Brazil (São Paulo).
Standard Contractual Clauses.
View
Backblaze, Inc. (B2 Cloud Storage)Off-site, immutable storage for Sikurd-managed 3CX backups (Object Lock retention for ransomware resilience).Encrypted 3CX backup archives, stored under a per-tenant prefix. Each archive is encrypted with a per-tenant key before upload; Backblaze never holds the decryption key.
United States.
Standard Contractual Clauses.
View
Dialora, Inc.Outbound AI voice-call alerts — places a phone call to the on-call engineer when a critical alert fires and voice alerting is enabled.On-call recipient phone number (E.164) and name, plus the alert summary (instance name + alert type) read out on the call. Only sent when the operator enables voice-call alerts.
United States.
Standard Contractual Clauses.
View
Upstash, Inc.Managed Redis — session cache and background-job queue (BullMQ) for the polling and alerting pipeline.Session tokens and transient job metadata (tenant, instance, and alert identifiers). No backup content, no call content, no credentials.
United States.
Standard Contractual Clauses.
View

Changelog

  • June 16, 2026: Expanded the ElevenLabs entry: beyond text-to-speech for IVR prompts, ElevenLabs now powers the marketing-site sales chat (a conversational AI agent). Conversation messages and voice audio are shared to provide the chat.
  • June 8, 2026: Added Backblaze B2 (encrypted managed-backup storage), Dialora (outbound voice-call alerts), and Upstash (Redis session cache + job queue) to reflect every service that touches customer data.
  • May 26, 2026: Added DigitalOcean and Vultr (geo-distributed probe agents — Network Quality feature). Customer 3CX FQDN names are sent to these regions for TCP connectivity probing only; no call content or credentials.
  • May 19, 2026: Initial publication. Stripe, SendGrid, Anthropic, ElevenLabs, Neon, Vercel, Railway.

Contact

Questions about a specific sub-processor: privacy@sikurd.com. Change notices are self-serve via the subscription form above — privacy@ also works if you prefer to be added by hand.