Legal
Sub-processor List
Effective: 2026-05-25 · Last reviewed 2026-05-25
The following third parties process Personal Data on behalf of DineFlow under the Data Processing Addendum. Each sub-processor is bound by data-protection obligations no less protective than the DPA.
We will provide 30 days’ prior notice of additions, removals, or material changes by updating this page and posting an in-product banner. To subscribe to change notifications email general@dineflow.ai.
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Render | Backend application hosting (API + workers) | All processed Personal Data passes through, encrypted in transit | United States |
| Supabase | Managed Postgres + authentication primitives + object storage | Operator accounts, reservations, transcripts, knowledge base, logos | United States and European Union |
| Cloudflare | Global edge CDN, WAF, DDoS protection, DNS | Encrypted traffic, IP addresses for security | Global edge |
| Vercel | Hosting for dashboard + marketing site + widget bundle | Operator and guest browser traffic to dineflow.ai, app.dineflow.ai, widget.dineflow.ai | Global edge |
| Vapi | Voice AI infrastructure (call connect, ASR, TTS pipeline) | Call audio, transcripts, structured tool-call payloads | United States |
| ElevenLabs | Premium voice synthesis (text-to-speech) | Text strings to be spoken by the AI; no caller PII routed through TTS | United States and European Union |
| Telnyx | Phone number provisioning + SMS termination | Caller phone (E.164), inbound SMS body, outbound SMS body | United States and European Union |
| Stripe | Subscription billing, payment processing, invoices | Operator name, email, billing address, payment method (full card number is held by Stripe and never reaches DineFlow) | United States, European Union, Asia |
| Google Cloud (Gemini API) | LLM inference for widget chat, voice prompt generation, ops digest, site scraping | Conversation turns, restaurant config snippets; no training on customer data per API terms | United States and European Union |
| Anthropic (Claude API) | LLM inference fallback for widget chat | Conversation turns; no training on customer data per API terms | United States |
| Google Places API | Restaurant lookup during onboarding (name, address, hours import) | Restaurant business identifiers (not personal data of the operator's guests) | United States |
| Sentry | Error monitoring and crash reporting | Stack traces with PII scrubbed via redactor before transmission | United States and European Union |
| SMTP provider (Outlook 365) | Outbound email (password reset, booking notifications, support) | Recipient email + email body | United States and European Union |
Affiliates
DineFlow.AI Ltd may share Personal Data with its wholly-owned subsidiaries (currently none) to provide the Service, under equivalent data-protection obligations.
Cross-border transfers
Where transfers from the EU/UK to a non-adequate country occur, the parties rely on the European Commission Standard Contractual Clauses (2021) and the UK IDTA as set out in the DPA. Each sub-processor above is either based in an adequacy region or covered by SCCs.
Object to a sub-processor
To object to a new or existing sub-processor on reasonable data-protection grounds, email general@dineflow.ai within 30 days of notice. See DPA Section 7 for the resolution process.
Read with the Privacy Policy and DPA.