← Compliance · sourced from celliq's sub-processor register

●Sub-processors register · v.2026-05-07

Third parties processing your customer data.

Every vendor with access to data flowing through celliq, the data they touch, where it goes, and the legal basis for transfer. Updated in real time from celliq's internal register.

⚠

Pending change · 23 days remaining on customer notice

ElevenLabs scope upgrading from TTS-only to full voice runtime (see decision). Effective 2026-06-01. No change to data classes processed.

view detail

Core · always processing

These vendors process customer data on every call, regardless of which integrations are connected.

6 active

Twilio Inc. ● active

Telephony · SIP trunks, outbound dial, inbound receive, call recording.

Phone numbers (E.164)
Call audio (recorded segments)
Call metadata (duration, disposition)

Region: EU (Frankfurt) · US fallback
Transfer basis: SCCs + UK IDTA
Role: Processor (sub-processor)
Added: 2026-05-11
DPA: twilio.com/legal/dpa ↗

ElevenLabs Inc. ⚠ scope changing 2026-06-01

Voice runtime + TTS. Scope upgrading from TTS-only to full voice runtime per recent product update.

Call audio (live + transcribed)
Agent script + dynamic context
Voice profile metadata

Pending: 30-day customer notice in progress (effective 2026-06-01). No new data classes; existing classes processed under expanded handling.

Region: US multi-region · EU pin pending
Transfer basis: SCCs + UK IDTA
Role: Processor (sub-processor)
Added: 2026-05-11
DPA: elevenlabs.io/dpa ↗

Google Cloud · Vertex AI ● active

LLM (Gemini 2.5 Flash + Pro) for extraction + agent turn loop.

Call transcript snippets
Pre-call brief + plan context

Region: europe-west4 (Belgium)
Transfer basis: SCCs (under GCP DPA)
Role: Processor (sub-processor)
Added: 2026-05-11
DPA: cloud.google.com/terms ↗

Google Cloud Platform ● active

Cloud SQL (canonical store), Cloud Run, Cloud Storage, Pub/Sub, BigQuery, Artifact Registry.

All structured customer data — agents, calls, outcomes, contacts, accounts
Call recordings + transcripts (Cloud Storage)
Compute logs + traces
Pseudonymised analytics events (BigQuery)

Region: europe-west2 (London)
Transfer basis: SCCs (under GCP DPA)
Role: Processor (sub-processor)
Added: 2026-05-11
DPA: cloud.google.com/terms ↗

Firebase (Google) ● active

Authentication + UI hosting.

User identities (email, name, login timestamps)

Region: eur3 (Europe-West)
Transfer basis: SCCs (Google terms)
Role: Processor (sub-processor)
Added: 2026-05-11
DPA: firebase.google.com/terms ↗

PostHog Inc. ● active

Product analytics — user journeys, page views, funnels.

Hashed user_id + tenant_id (no raw PII)
UI interaction event names + non-PII properties

PII never lands here — enforced via events/posthog-allowlist.ts: technical guardrail.

Region: EU (eu.posthog.com)
Transfer basis: SCCs (US-incorp, EU-hosted)
Role: Processor (sub-processor)
Added: 2026-05-11
DPA: posthog.com/dpa ↗

Customer-installed · active when integration enabled

These vendors only receive data if you've connected the corresponding integration in Settings → Integrations. Disconnect any time to stop processing.

3 connected · 0 disconnected

HubSpot Inc. connected

CRM · read prospect data, write outcomes, ticket creation.

Prospect names + contact info
Account data
Call summaries + structured outcomes

Activates when: you connect HubSpot via Settings → Integrations. Disconnecting stops new data flow but does not retroactively delete written records (use DSAR for that).

Region: your HubSpot org region (US/EU/AU)
Transfer basis: customer-side · SCCs in our HubSpot DPA
Role: Independent processor
Connected: 2026-05-11 by James
DPA: legal.hubspot.com/dpa ↗

Google Workspace · Calendar connected

Calendar reads + meeting bookings.

AE availability
Meeting attendees + content

Activates when: you connect Google Calendar via Settings → Integrations. Required for PA-002 Speed-to-Lead and PA-005 Pre-Call Qualifier.

Region: your Google Workspace region
Transfer basis: customer-side · Google Workspace terms
Role: Independent processor
Connected: 2026-05-12 by James
DPA: workspace.google.com/terms ↗

Slack Technologies connected

Notifications · escalations, meeting-booked alerts, daily digests.

Call summaries
Recording links (signed URLs, 24h TTL)

Activates when: you connect Slack via Settings → Integrations. Disconnecting stops new posts; existing Slack messages remain in your workspace.

Region: your Slack workspace region
Transfer basis: customer-side · Slack DPA
Role: Independent processor
Connected: 2026-05-12 by James
DPA: slack.com/dpa ↗

Recent changes

2026-05-08 ElevenLabs scope upgrade scheduled · 30-day notice begins · effective 2026-06-01

2026-05-12 Slack connected by James · customer-installed

2026-05-12 Google Calendar connected by James · customer-installed

2026-05-11 HubSpot connected by James · customer-installed

2026-05-11 6 core sub-processors added · register published

2026-05-07 Neon removed · Postgres moved to Cloud SQL inside GCP

Notification policy

Material changes to this register trigger a 30-day in-app banner notice to your workspace admins (our compliance policy). Material changes include: adding a sub-processor, removing one, or upgrading the scope of an existing one. Email notifications ship at GA when invite-flow infrastructure lands.

Audit-source: data/sub-processors.yaml in the celliq repo · CODEOWNERS-gated · changes require James + (post-counsel) external counsel approval.