FlowLeads uses a carefully selected set of third-party providers ("sub-processors") to deliver our service. We only engage sub-processors who meet our security and compliance requirements. This page lists every provider that may process data on our behalf.
Infrastructure & Platform
| Provider | Country | Purpose | Security |
|---|
| Vercel Inc.Privacy policy ↗ |
USA |
Web application hosting and serverless function execution |
SOC 2 Type II |
| Neon Inc.Privacy policy ↗ |
AWS Sydney (AU) |
PostgreSQL database — stores clinic accounts, call records, and booking data |
SOC 2 Type II, data in ANZ |
Authentication
| Provider | Country | Purpose | Security |
|---|
| Clerk Inc.Privacy policy ↗ |
USA |
User authentication, session management, and multi-factor authentication for clinic admin accounts |
SOC 2 Type II |
Voice AI Pipeline
| Provider | Country | Purpose | Security |
|---|
| Vapi AIPrivacy policy ↗ |
USA |
Voice AI pipeline orchestration — manages inbound call routing, function execution, and conversation flow |
SOC 2 Type II |
| ElevenLabs Inc.Privacy policy ↗ |
USA |
Text-to-speech synthesis — converts Aria's responses to natural voice audio during calls |
Enterprise security |
| Deepgram Inc.Privacy policy ↗ |
USA |
Speech-to-text transcription — converts caller speech to text in real time during calls |
SOC 2 Type II |
| OpenAI LLCPrivacy policy ↗ |
USA |
Large language model — powers Aria's conversational reasoning and response generation |
SOC 2 Type II |
Telephony & Communications
| Provider | Country | Purpose | Security |
|---|
| Twilio Inc.Privacy policy ↗ |
USA |
Phone number provisioning and SMS delivery for patient notifications |
SOC 2 Type II, ISO 27001 |
| Resend Inc.Privacy policy ↗ |
USA |
Transactional email delivery for proposal emails and system notifications |
SOC 2 Type II |
Billing
| Provider | Country | Purpose | Security |
|---|
| Stripe Inc.Privacy policy ↗ |
USA |
Payment processing and subscription billing. FlowLeads does not store card numbers — all payment data is handled by Stripe. |
PCI DSS Level 1, SOC 2 Type II |
Scheduling
| Provider | Country | Purpose | Security |
|---|
| Cal.com Inc.Privacy policy ↗ |
USA |
Strategy call booking links for sales and onboarding |
SOC 2 Type II |
| Google LLCPrivacy policy ↗ |
USA |
Google Calendar API — used when clinics connect their Google Calendar for real-time appointment slot availability |
ISO 27001, SOC 2 Type II |
We review this list regularly and will update it when we add or remove providers. If you have questions about any of our sub-processors, contact us at [email protected].