Subprocessors
A transparent list of third-party services we engage to deliver and improve the Wexio platform.
Last updated: March 31, 2026
This page lists the third-party subprocessors ("Subprocessors") that Wexio LLC ("Wexio") engages to process personal data on behalf of our customers in connection with the provision of the Wexio platform.
Each Subprocessor undergoes a security and privacy review before engagement, and we maintain appropriate contractual safeguards - including Data Processing Agreements (DPAs) compliant with Article 28 of the General Data Protection Regulation (GDPR) - with each Subprocessor listed below.
We only share the minimum data necessary for each Subprocessor to perform its designated function. You may subscribe to notifications of changes to this list. If you have questions about any Subprocessor, please contact us at privacy@wexio.io.
Overview
To provide the Wexio platform, we engage a limited number of third-party subprocessors. Each subprocessor undergoes a security and privacy review before engagement, and we maintain contractual safeguards (including Data Processing Agreements) with each.
We only share the minimum data necessary for each subprocessor to perform its function. Below is the current list of subprocessors organized by category.
Infrastructure & Hosting
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, compute, storage, and managed database services | All platform data (encrypted at rest and in transit) | EU (Ireland) | AWS GDPR DPA |
| Vercel | Edge hosting, CDN, and serverless functions for web application | Web traffic, request metadata | EU (Ireland) / Global (Edge Network) | Vercel DPA |
| MongoDB Atlas | Managed database service for application data | Application data, user data, conversation data | EU (Ireland, AWS) | MongoDB DPA |
| Upstash | Serverless Redis for caching, rate limiting, and queues | Cache keys, session tokens, rate limit counters | EU (Ireland) | Upstash DPA |
Amazon Web Services (AWS)
EU (Ireland)Cloud hosting, compute, storage, and managed database services
All platform data (encrypted at rest and in transit)
AWS GDPR DPAVercel
EU (Ireland) / Global (Edge Network)Edge hosting, CDN, and serverless functions for web application
Web traffic, request metadata
Vercel DPAMongoDB Atlas
EU (Ireland, AWS)Managed database service for application data
Application data, user data, conversation data
MongoDB DPAUpstash
EU (Ireland)Serverless Redis for caching, rate limiting, and queues
Cache keys, session tokens, rate limit counters
Upstash DPAAI & Machine Learning
These processors are engaged when AI-powered features are used within the platform.
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| OpenAI | AI response assistance, conversation summarisation, and sentiment analysis | Conversation messages, user prompts (no data retained by provider) | US / EU | OpenAI DPA |
| Anthropic | AI response assistance and conversation analysis | Conversation messages, user prompts (no data retained by provider) | US / EU | Anthropic DPA |
OpenAI
US / EUAI response assistance, conversation summarisation, and sentiment analysis
Conversation messages, user prompts (no data retained by provider)
OpenAI DPAAnthropic
US / EUAI response assistance and conversation analysis
Conversation messages, user prompts (no data retained by provider)
Anthropic DPAEmail & Communications
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| Resend | Transactional and notification email delivery | Email addresses, email content, delivery metadata | US | Resend DPA |
Resend
USTransactional and notification email delivery
Email addresses, email content, delivery metadata
Resend DPAPayments
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| Stripe | Payment processing and subscription management | Billing information, payment method tokens, invoice data | US / EU | Stripe DPA |
Stripe
US / EUPayment processing and subscription management
Billing information, payment method tokens, invoice data
Stripe DPAMessaging Channels
These processors handle messages when you connect the respective channel integrations.
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| Meta Platforms (WhatsApp, Instagram) | WhatsApp Business API and Instagram messaging | Messages, media, contact information | US / EU | Meta DPA |
| Telegram | Telegram Bot API messaging | Messages, media, user identifiers | Global | Telegram Privacy Policy |
| Viber (Rakuten) | Viber messaging API | Messages, media, user identifiers | Global | Viber Terms of Use |
Meta Platforms (WhatsApp, Instagram)
US / EUWhatsApp Business API and Instagram messaging
Messages, media, contact information
Meta DPAThird-Party Integrations
These processors are engaged only when you activate the corresponding integration.
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| HubSpot | CRM integration for contact sync and activity logging | Contact details, conversation summaries, activity logs | US / EU | HubSpot DPA |
| Salesforce | CRM integration for contact sync and activity logging | Contact details, conversation summaries, activity logs | US / EU | Salesforce DPA |
| Google BigQuery | Data warehouse for analytics and reporting | Anonymized usage data, aggregated metrics | EU (Frankfurt) | Google Cloud DPA |
HubSpot
US / EUCRM integration for contact sync and activity logging
Contact details, conversation summaries, activity logs
HubSpot DPASalesforce
US / EUCRM integration for contact sync and activity logging
Contact details, conversation summaries, activity logs
Salesforce DPAGoogle BigQuery
EU (Frankfurt)Data warehouse for analytics and reporting
Anonymized usage data, aggregated metrics
Google Cloud DPAAnalytics & Monitoring
| Subprocessor | Purpose of Processing | Data Processed | Location | More Information |
|---|---|---|---|---|
| Google Analytics 4 | Website traffic analysis and user behaviour metrics | Anonymised page views, session data, device information | EU (Analytics data) | Google Ads DPA |
| Google reCAPTCHA | Bot detection and abuse prevention on forms | Browser fingerprinting data, interaction patterns | US | Google Privacy Policy |
Google Analytics 4
EU (Analytics data)Website traffic analysis and user behaviour metrics
Anonymised page views, session data, device information
Google Ads DPAGoogle reCAPTCHA
USBot detection and abuse prevention on forms
Browser fingerprinting data, interaction patterns
Google Privacy PolicyChanges to This List
We may update this list as our service providers change. We will notify affected customers at least 30 days before engaging a new subprocessor that processes personal data.
If you object to a new Subprocessor, you may terminate the affected services by providing written notice within the 30-day notification period, in accordance with the terms of your Data Processing Agreement.
Subscribe to our updates to be notified of changes to this subprocessor list.