Sub-processors we engage
To deliver our service we engage a limited set of carefully vetted sub-processors. This page is the canonical, customer-facing list. Last updated 20 May 2026. Subscribe to changes via RSS.
Unify AI Ltd is the data controller for our marketing and onboarding processing, and a data processor for the Customer Data our customers entrust to the platform. The sub-processors below process Customer Data on Unify's behalf to deliver specific functions of the service — language-model inference, voice/messaging transport, speech, payment processing, and the underlying cloud infrastructure.
Each sub-processor is bound by a written data-processing agreement, restricted to the personal data necessary for the function we receive from them, and tracked in our internal Data Management Policy and Third-Party Management Policy. Where a sub-processor processes data outside the United Kingdom or the EEA, the transfer is governed by the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses, supplemented by transfer impact assessments where required (see our Privacy Policy — International data transfers section).
Current sub-processors
Who processes what, and where
| Provider | Role / function | Processing location | Reference |
|---|---|---|---|
| Google Cloud Platform | Cloud infrastructure substrate — compute, managed databases, object storage, secret management, networking, observability. | United States (Google LLC); Unify hosts Customer Data in europe-west1 / europe-west3 (EU). | Link |
| OpenAI | Large language model inference (text generation, reasoning) for Unify assistants. | United States. API tier; not used for model training. | Link |
| Anthropic | Large language model inference (text generation, reasoning) for Unify assistants. | United States. API tier; not used for model training. | Link |
| Replicate | Inference for open-source models hosted on Replicate. | United States. | Link |
| Twilio | Inbound and outbound voice, SMS, and WhatsApp messaging. | United States (with EU regional infrastructure available). | Link |
| LiveKit | Real-time voice and video transport for assistant rooms. | United States. | Link |
| Tavily | Web-search API used by Unify assistants when a tool call requests live web results. | United States. | Link |
| Deepgram | Speech-to-text transcription of inbound audio for voice assistants. | United States. | Link |
| Cartesia | Text-to-speech synthesis for outbound voice assistants. | United States only. | Link |
| ElevenLabs | Text-to-speech synthesis for outbound voice assistants. | United States. | Link |
| Google Workspace APIs | Optional customer-authorised integration with Gmail, Calendar, and Drive (where the customer has connected their workspace). | United States (Google LLC) with global infrastructure. | Link |
| Microsoft Graph API | Optional customer-authorised integration with Outlook, Teams, and Microsoft 365 (where the customer has connected their tenant). | United States (Microsoft Corporation) with global infrastructure. | Link |
| Discord | Optional customer-authorised channel adapter for assistants that respond in Discord servers. | United States. | Link |
| Stripe | Payment processing for customer billing. | United States (with Ireland infrastructure for EU customers). | Link |
| Resend | Transactional and marketing email delivery. | United States. | Link |
How we manage sub-processors
Vetted on the way in, reviewed on a cadence
Onboarding diligence
Every new sub-processor is reviewed against our Third-Party Management Policy before it is engaged — security posture, certifications (SOC 2 / ISO 27001 where available), data-processing addendum, sub-processor chain, and applicable cross-border transfer mechanism.
Data-processing agreement
Each sub-processor is bound by a written data-processing agreement that mirrors the protections in our customer DPA — purpose limitation, security obligations, sub-processor flow-down terms, and assistance with data-subject rights.
Cross-border transfers
Where a sub-processor processes data outside the UK / EEA, the transfer is governed by the IDTA, the UK Addendum to the EU SCCs, or the EU SCCs, with a transfer impact assessment where required.
Periodic review
The sub-processor list is reviewed every quarter as part of our Quarterly Compliance Review against our internal Data Management Policy and our vendor management records, and refreshed on this page whenever an addition or removal lands.
Stay informed about changes
Subscribe to the RSS feed to be notified of additions or removals to this list. Enterprise customers also receive advance-notice updates of changes under their Data Processing Agreement; for direct enquiries email privacy@unify.ai.