Subprocessors
Last Updated: May 26, 2026
Athena Text uses the following subprocessors to deliver our Service. Each subprocessor has its own privacy and security practices, governed by the policies linked in the right-hand column. This list is incorporated by reference into our Privacy Policy.
Current subprocessors
| Subprocessor | Purpose | Data categories | Hosting region | Privacy notice |
|---|---|---|---|---|
| Twilio, Inc. | SMS delivery, toll-free number provisioning, and toll-free verification (carrier registration). | End-recipient phone numbers; outbound and inbound message bodies; business identity information (legal name, address, website, EIN) submitted to toll-free verification; customer support contact details. | United States | Twilio Privacy Notice |
| Anthropic, PBC | AI-powered processing of inbound SMS message bodies for lead qualification and AI-generated conversation summaries. | Inbound and outbound message bodies; conversation context; tenant-supplied qualification prompts. Anthropic does not train on data submitted via the API. | United States | Anthropic Privacy Policy |
| Stripe, Inc. | Subscription billing, payment processing, and invoice management. | Customer name, email, billing address, payment card data (PCI-DSS compliant, never seen by Athena Text servers), tax identifiers where applicable. | United States | Stripe Privacy Policy |
| Supabase, Inc. | Managed PostgreSQL database hosting for the application back end. | All customer and end-recipient data stored by the application (accounts, leads, conversations, messages, opt-outs, audit logs, billing records). | United States (us-east-1) | Supabase Privacy Policy |
| Railway Corp. | Application server hosting for the Athena Text backend (FastAPI). | Application traffic and request data; application logs; environment configuration. | United States | Railway Privacy Policy |
| Vercel, Inc. | Hosting and content delivery for the marketing website and the application dashboard. | Static and server-rendered content; request metadata (IP address, User-Agent) for performance and abuse prevention; deployment artifacts. | United States (with global CDN edge presence) | Vercel Privacy Policy |
| Resend, Inc. | Transactional email delivery for marketing-site contact and application submission notifications. | Sender and recipient email addresses; email subject and body content for transactional notifications. | United States | Resend Privacy Policy |
| Discord, Inc. | Optional notification delivery to tenant-configured Discord channels when a lead qualifies or requests escalation. | Lead name, phone number (in E.164 format), state, and short qualification summary, delivered as a Discord webhook embed to the URL the tenant has configured. | United States | Discord Privacy Policy |
| Cloudflare, Inc. | Content delivery, DDoS protection, and cookieless web analytics for the marketing website. | Visitor IP address; browser User-Agent string; pages visited and referral source (aggregated). Cloudflare Web Analytics does not set cookies and does not perform cross-site tracking. | Global edge network | Cloudflare Privacy Policy |
Notification of changes
When we engage a new subprocessor or replace an existing one, we will update this page and refresh the "Last Updated" date above. Customers with active subscriptions who would like to receive direct notification of subprocessor changes by email may contact us at [email protected] to be added to the subprocessor-change notification list.
Data Processing Agreement
A Data Processing Agreement (DPA) is available on request for customers whose data processing on the Service is subject to the EU General Data Protection Regulation, the UK General Data Protection Regulation, the California Consumer Privacy Act / California Privacy Rights Act, or other applicable data-processing laws. To request a DPA, contact us at [email protected].
Questions
For questions about any subprocessor on this list, or to request additional detail on data flows for a specific subprocessor, contact us at [email protected].