Skip to content
aiva
  • Product
  • Languages
  • Customers
  • Pricing
Sign inStart free
Product›Languages›Customers›Pricing›Start free
Already have an account? Sign in →

Ready when your customers are.

Start free, live in under four minutes. Or get a walkthrough in your inbox.

aiva

AI that answers every call, chat and text — in every Indian language.

All systems answering

Product

  • Voice
  • Web widget
  • SMS
  • Analytics
  • Integrations
  • Solutions

Company

  • Customers
  • About
  • Careers
  • Contact

Resources

  • Help center
  • Changelog
  • Status
  • Book a demo
  • Pricing

Legal

  • Privacy
  • Terms
  • DPA
  • GDPR
  • Cookies
  • Sub-processors
  • Security
© 2026 AIVA Technologies Pvt. Ltd.·Made with care in Rajkot, answering in 12 languages.
LegalLast updated: May 12, 2026Version 3.120 sub-processors total

Sub-processors.

Every third party that processes your data when you use AIVA. We list all of them, what they do, where they sit, and how they're certified — so your security review can be done in an afternoon, not a month.

Read the TL;DRSubscribe to changes
Contents
  • ★TL;DR
  • 01Core infrastructure
  • 02Voice & SMS
  • 03AI model providers
  • 04Internal tools
  • 05Change notifications
  • 06Right to object
TL;DR · in plain English

The short version, before the table:

  • We use 20 sub-processors total. Every one is named below, with purpose and region.
  • Customer data stays in the EU (Frankfurt) by default unless you opt in to US routing.
  • AI model providers (OpenAI, Anthropic) run under zero-data-retention contracts — your data is never used to train models.
  • We give 30 days' notice before adding or replacing a sub-processor. You can object — see section 06.
  • This list is updated within 7 days of any change. Subscribe to the change feed and we'll email you.
01

Core infrastructure.

These vendors run the platform itself — hosting, observability, billing, transactional email. None of them have access to your conversation content; only AWS (encrypted at rest, encryption keys held by us) and Sentry (with PII scrubbing) touch it incidentally.

Core infrastructure sub-processors — purpose, region and certifications
Sub-processorPurposeRegionCertifications
Amazon Web ServicesApplication hosting, primary database, object storageEU (Frankfurt), US (Virginia)SOC 2 · ISO 27001 · HIPAA
CloudflareCDN, DDoS protection, edge cacheGlobalSOC 2 · ISO 27001
StripePayment processing, billing, subscriptionsUS, EU (Ireland)PCI DSS · SOC 2
SentryError tracking and performance monitoringEU (Frankfurt)SOC 2 · ISO 27001
Plausible AnalyticsCookieless website analytics — aggregate only, no session replay or personal dataEU (Germany)GDPR-compliant · EU-hosted
PostmarkTransactional email deliveryUSSOC 2
02

Voice & SMS.

These carriers route messages and calls between you, your customers, and AIVA. They see message content in transit — same as any other telecom carrier — but never store it longer than required by their own retention windows (typically 7–30 days, configurable).

Speech-to-text (Deepgram) and text-to-speech (ElevenLabs) operate on audio streams in real time. Audio is not retained for training under our contracts with either vendor.

Communication channel sub-processors — purpose, region and certifications
Sub-processorPurposeRegionCertifications
TwilioVoice calls, SMSUS, EU (Ireland)SOC 2 · ISO 27001 · HIPAA · PCI
PlivoVoice & SMS — Indian carrier routingIndia, USSOC 2 · ISO 27001
ExotelIndian voice & SMS — Tier 1 carrier routingIndiaISO 27001 · CMMI L5
DeepgramSpeech-to-text (transcription for voice)USSOC 2 · HIPAA
ElevenLabsText-to-speech (AIVA voice synthesis)US, EUSOC 2
03

AI model providers.

These vendors host the foundation models AIVA uses for reasoning, retrieval, and generation. All four run under zero-data-retention contracts — your inputs and outputs are not stored, logged for training, or accessible to vendor staff.

We route conversations to whichever model performs best for your use case. You can request a pin to a specific provider for compliance reasons.

AI model sub-processors — purpose, region and certifications
Sub-processorPurposeRegionCertifications
OpenAIConversational reasoning (zero-data-retention)USSOC 2 — ZDR enabled, no training on customer data
AnthropicConversational reasoning (zero-data-retention)USSOC 2 — ZDR enabled, no training on customer data
Voyage AIEmbeddings for retrieval / RAGUSSOC 2 — no training on customer data
CohereRe-ranker for retrieval (failover)US, CanadaSOC 2
04

Internal tools.

AIVA staff use these tools to run the company. They do not process your customers' conversation data — they hold metadata only (your contract terms, our internal tickets, the marketing site).

We list them because some compliance reviews ask. If you don't care about AIVA's internal stack, skip this section.

Productivity and tooling sub-processors — purpose, region and certifications
Sub-processorPurposeRegionCertifications
Google WorkspaceInternal email, docs, calendars for AIVA staffGlobalSOC 2 · ISO 27001 · ISO 27017
LinearEngineering issue tracking (no customer data)USSOC 2
GitHubSource code, deployment, CIUSSOC 2 · ISO 27001
VercelMarketing site (aivachat.io) hosting onlyGlobalSOC 2
HubSpotCRM for AIVA sales — never your customer dataEU, USSOC 2 · ISO 27001
05

How we notify you of changes.

We give 30 days' written notice before adding a new sub-processor or replacing an existing one — sent to the email address on your billing account.

You can also subscribe to the standalone change feed (RSS or email digest). New entries appear here within 7 days of any change.

  • Email digest — subscribe via dpo@aivachat.io
  • RSS feed — aivachat.io/sub-processors/feed.xml
  • Or follow the changelog — sub-processor changes always appear there too
06

Your right to object.

If you object to a new sub-processor on reasonable data-protection grounds, you have two options:

  • We work with you to find an acceptable alternative — usually we can route around the vendor for affected customers.
  • You can terminate without penalty within 30 days of the change going live. We'll refund any pre-paid annual fees pro-rata and help you export your data.

Object by emailing dpo@aivachat.io. We respond within 5 business days.

This list is governed by the Data Processing Addendum, section 04 (“Sub-processors”). Read that for the full contractual terms.

‹ Back to the Data Processing Addendum