Our public vendor status for customer data processing. Last updated 25 June 2026. Subscribe to changes via RSS.
Unify AI Ltd. is the data controller for marketing and onboarding processing, and a data processor for Customer Data our customers entrust to the platform. The sub-processors below process Customer Data on Droid's behalf to deliver specific functions of the service, including model inference, cloud infrastructure, communication transport, speech, payment processing, and optional customer-authorized integrations.
Each sub-processor is bound by written data-protection terms and reviewed through our vendor management process. Where processing occurs outside the UK or EEA, transfers are governed by appropriate safeguards described in our Privacy Policy.
Current sub-processors
| Provider | Role / function | Processing location | Reference |
|---|---|---|---|
| Google Cloud Platform | Cloud infrastructure substrate — compute, managed databases, object storage, secret management, networking, observability. | United States (Google LLC); Unify hosts Customer Data in europe-west1 / europe-west3 (EU). | Link |
| OpenAI | Large language model inference (text generation, reasoning) for Unify assistants. | United States. API tier; not used for model training. | Link |
| Anthropic | Large language model inference (text generation, reasoning) for Unify assistants. | United States. API tier; not used for model training. | Link |
| Replicate | Inference for open-source models hosted on Replicate. | United States. | Link |
| Twilio | Inbound and outbound voice, SMS, and WhatsApp messaging. | United States (with EU regional infrastructure available). | Link |
| LiveKit | Real-time voice and video transport for assistant rooms. | United States. | Link |
| Tavily | Web-search API used by Unify assistants when a tool call requests live web results. | United States. | Link |
| Deepgram | Speech-to-text transcription of inbound audio for voice assistants. | United States. | Link |
| Cartesia | Text-to-speech synthesis for outbound voice assistants. | United States only. | Link |
| ElevenLabs | Text-to-speech synthesis for outbound voice assistants. | United States. | Link |
| Google Workspace APIs | Optional customer-authorised integration with Gmail, Calendar, and Drive (where the customer has connected their workspace). | United States (Google LLC) with global infrastructure. | Link |
| Microsoft Graph API | Optional customer-authorised integration with Outlook, Teams, and Microsoft 365 (where the customer has connected their tenant). | United States (Microsoft Corporation) with global infrastructure. | Link |
| Discord | Optional customer-authorised channel adapter for assistants that respond in Discord servers. | United States. | Link |
| Stripe | Payment processing for customer billing. | United States (with Ireland infrastructure for EU customers). | Link |
| Resend | Transactional and marketing email delivery. | United States. | Link |
| Pipedream | Integration action broker (Pipedream Connect) — executes customer-authorised actions against connected third-party apps on behalf of assistant end users. | United States (Pipedream, Inc.). | Link |
| Composio | Integration action broker (Composio MCP gateway) — executes customer-authorised actions against connected third-party apps on behalf of assistant end users. | United States (Composio, Inc.). | Link |
Change log
20 May 2026
First public release of the unify.ai sub-processor list — 15 providers across cloud infrastructure (Google Cloud Platform), LLM inference (OpenAI, Anthropic, Replicate), voice/messaging transport (Twilio, LiveKit), web search (Tavily), speech (Deepgram, Cartesia, ElevenLabs), customer-authorised integrations (Google Workspace APIs, Microsoft Graph API, Discord), payment processing (Stripe), and email delivery (Resend).
25 June 2026
Pipedream (Pipedream Connect) added as a customer-authorised integration action broker — it executes actions the assistant takes against third-party apps a customer has connected, processing the connection's OAuth credentials/tokens (encrypted at rest, retained until revoked) and the action request/response payloads (in transit; not stored by Pipedream). Processing location: United States.
25 June 2026
Composio (Composio MCP gateway / AgentAuth) added as a customer-authorised integration action broker — it executes actions the assistant takes against third-party apps a customer has connected, processing the connection's OAuth credentials/tokens and the action request/response payloads (in transit). Composio operates a zero-retention architecture (tool-call payloads and credentials not stored). Processing location: United States.
Enterprise customers receive advance notice of material changes under their Data Processing Agreement. For direct enquiries, email privacy@unify.ai.