Sub-Processors
Third parties Velogics engages to process Operator or End-User personal data. Last updated: May 28, 2026.
Velogics engages the following sub-processors to deliver the platform. Each sub-processor is bound by contractual obligations no less protective than those in our DPA. Sub-processors are added or replaced only after due-diligence review; Operators receive at least 30 days' prior notice of any new sub-processor that processes End-User personal data and may object on reasonable data-protection grounds during that notice period.
To subscribe to sub-processor change notifications, email admin@velogics.ai with your account email and we will add you to the notice list.
Hosting & infrastructure
Vercel, Inc.
United StatesPurpose: Application hosting, edge runtime, serverless function execution for the marketing site, operator portal, and webhook endpoints.
Data: All Operator and End-User data passes through Vercel in-memory during request handling.
Neon (Databricks, Inc.)
United StatesPurpose: Managed Postgres database for Operator account data, encrypted OAuth tokens, knowledge-base content, conversation history, and integration cache.
Data: Persistent storage of Operator and End-User personal data.
Upstash, Inc.
United StatesPurpose: Managed Redis used for rate-limiting and ephemeral session state.
Data: IP addresses, request fingerprints (short-lived, typically minutes).
AI providers
Anthropic, PBC
United StatesPurpose: Large language model API for chatbot replies, voice responses, outbound email drafting, content generation, SEO recommendations, and similar AI features.
Data: Targeted feature inputs only — Operator brand context, KB excerpts, current conversation fragment, the specific item the AI is asked to draft. Not used to train Anthropic models.
Telephony & SMS
Twilio, Inc.
United StatesPurpose: Inbound and outbound voice telephony, voice recording, transcription, SMS delivery, A2P 10DLC campaign registration.
Data: Caller phone numbers, call audio and transcripts, SMS message content, delivery metadata.
Email delivery
Postmark (ActiveCampaign, LLC)
United StatesPurpose: Outbound email delivery for AI Prospector and AI Loyalty Manager campaigns.
Data: Recipient email and name, message content, delivery and engagement metadata (sent, delivered, opened, clicked, replied, bounced, unsubscribed).
Resend, Inc.
United StatesPurpose: Transactional email — contact-form replies from the marketing site, account notifications, billing receipts, security alerts.
Data: Recipient email, message content, delivery metadata.
Billing
Stripe, Inc.
United StatesPurpose: Subscription billing, payment-method storage, invoicing, tax calculation, fraud screening.
Data: Operator billing identifiers, payment-method metadata (Stripe holds the card; we hold a token), invoice history. We do not store full card numbers.
Operator-connected integrations (only when the Operator authorises them)
Google LLC — Business Profile, Search Console
United StatesPurpose: GBP post publishing, Search Console rank tracking and SEO insights, on behalf of the connecting Operator. See Privacy Policy § 11 for full disclosure.
Data: Encrypted OAuth tokens; cached rankings, audit results, and recommendations.
LinkedIn Corporation
United StatesPurpose: Posting Operator-approved content to the Operator's LinkedIn page, when connected.
Data: Encrypted OAuth tokens; post content as authored or approved by the Operator.
FollowUp Boss
United StatesPurpose: Native CRM sync — lead push, status updates, and conversation logs, when connected.
Data: OAuth credentials; lead contact details and conversation summaries.
Zapier, Inc.
United StatesPurpose: Routing leads and events to Operator-selected destinations (other CRMs, scheduling tools, ops tools), when connected.
Data: Webhook payloads containing lead data the Operator routes through Zapier.
Questions or change-notice requests
Email admin@velogics.ai. For DPA-related requests, see velogics.ai/legal/dpa.