Official Legal Document
Subprocessors
This is the official legal document published by Voice2Evolve.
Die deutsche Übersetzung ist noch nicht verfügbar. Es gilt die englische Originalfassung.
Effective date
2026-03-02
Legal version
2026-02-08
Legal entity
voice2evolve UG (haftungsbeschränkt)
Registered office
Amtsgericht Stuttgart, HRB 803557
Last updated: March 6, 2026
Voice2Evolve UG (haftungsbeschränkt) ("Voice2Evolve") uses the following third-party subprocessors to deliver the Voice2Evolve Services. All subprocessors are bound by data processing agreements with obligations equivalent to those set out in the Master Data Processing Agreement (MDPA).
This list is maintained in accordance with GDPR Article 28(2). Voice2Evolve will provide reasonable prior notice of new or changed subprocessors. To receive notifications, contact help@voice2evolve.com.
Current Subprocessors
| Provider | Role | Data Location | Legal Safeguards |
|---|---|---|---|
| Supabase Inc. | Database, Authentication | EU (Frankfurt, Germany) | GDPR DPA + SCCs |
| OpenAI, L.L.C. | AI Inference / Voice API | United States | SCCs + CPRA Compliance |
| Stripe Payments Europe Ltd. | Payment Processing | EU / United States | GDPR DPA + SCCs |
| Vercel Inc. | Frontend Hosting (CDN) | EU / United States | SCCs |
| Railway Corp. | Backend Infrastructure | EU | GDPR DPA |
| Cloudflare, Inc. | DNS Resolution, WebRTC TURN Relay | EU / United States | GDPR DPA + SCCs |
| Sentry, Inc. | Error Monitoring | EU / United States | GDPR DPA + SCCs |
| Rybbit | Website & Product Analytics | EU (EEA — Hetzner) | GDPR DPA + SCCs |
| Plus Five Five, Inc. (Resend) | Transactional Email | United States | GDPR DPA + SCCs + EU-US DPF |
| Anthropic PBC | AI Inference (LLM) | United States | GDPR DPA + SCCs |
Notes
- Rybbit analytics is limited to the marketing site and selected app areas. Tracking is fully disabled on sensitive areas (session processing, analysis results, account and billing management, authentication, and administration). Active session views, setup/planning flows, and invitation flows are measured with URL-path anonymisation (visits counted; identifiers and tokens not transmitted in clear path form).
- OpenAI and Anthropic process prompt data for voice session analysis. Data minimisation is applied; zero-data-retention (ZDR) options are evaluated where available at the applicable plan tier.
- Stripe acts as payment processor and is subject to PCI DSS Level 1 compliance independent of this agreement. For fraud prevention and card verification, Stripe may collect the cardholder's billing name, billing address (including ZIP/postal code), and IP address at checkout. Stripe also sets device-identification cookies (
__stripe_mid,__stripe_sid) via its JavaScript library. Stripe acts as an independent controller for fraud and risk data under its own privacy policy (stripe.com/privacy).
Contact
To receive advance notice of subprocessor changes or to raise an objection under GDPR Article 28(2), contact: