Subprocessors

Last Updated: October 22, 2025

Overview

Hey Operator engages third-party service providers ("subprocessors") to assist in delivering our services. This page lists all subprocessors who may process personal data on our behalf. All subprocessors are bound by data protection agreements that require them to protect your data and process it only as instructed.

Current Subprocessors

The following table lists all subprocessors currently engaged by Hey Operator:

Service Provider	Service	Data Processed	Location
Cloud Infrastructure Provider	Hosting, storage, databases	All data types (account, call content, metadata)	United States
AI Transcription Service	Real-time speech-to-text transcription	Call audio, transcripts, metadata	United States
Natural Language Processing Service	AI summaries, speaker diarization	Transcripts, audio features, summaries	United States
Telecommunications Provider	Phone call routing and handling	Phone numbers, call audio, call metadata	United States
Payment Processor	Subscription billing, payment processing	Payment information, billing addresses, transaction history	United States
Authentication Provider	User authentication and identity management	Phone numbers, PINs (hashed), session tokens	United States
Email Delivery Service	Transactional email delivery	Email addresses, notification content	United States
Analytics Provider	Usage analytics and monitoring	IP addresses, device information, usage patterns	United States

Data Protection Measures

All subprocessors are required to:

Process data only as instructed by Hey Operator
Implement appropriate technical and organizational security measures
Maintain confidentiality of all personal data
Assist with data subject rights requests (access, deletion, etc.)
Notify us promptly of any data breaches
Delete or return data upon termination of services
Comply with GDPR, CCPA, and other applicable data protection laws

International Transfers

Some subprocessors may process data outside your jurisdiction. For transfers from the EEA or UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the EU-US Data Privacy Framework (DPF) for certified providers, and supplementary security measures to ensure data protection.

Changes to Subprocessors

We may add, replace, or remove subprocessors as necessary to provide and improve our services. We will update this page when changes occur and notify users of material changes via email (if provided) or in-app notice at least 30 days before the new subprocessor begins processing data. If you object to a new subprocessor, you may terminate your account before the change takes effect.

Questions

If you have questions about our subprocessors or data processing practices, please contact us at privacy@heyoperator.com.

← Back to Privacy Policy ← Back to home