Below is the current list of Subprocessors authorized to process Customer Data for Measy:
Last updated: March 17, 2026
To ensure the safety of Customer and End-User Data, Bitbrains requires that any material Subprocessor handling unencrypted End-User communications, messaging content, or voice recordings maintains rigorous security standards, which may include industry-recognized frameworks such as a SOC 2 Type II compliance report, ISO 27001 certification, an equivalent audited security framework, or passing Bitbrains' internal vendor security assessments.
To support the delivery of the Measy communications platform and related services, Bitbrains Inc. ("we," "us," or "our") engages third-party service providers (each, a "Subprocessor") to securely process Customer Data on our behalf. We rigorously evaluate the security, privacy, and confidentiality practices of all proposed Subprocessors before engaging them. Every Subprocessor is contractually bound to data protection obligations that are at least as protective as those contained in our Data Processing Addendum (DPA). All listed subprocessors are bound by written agreements that include explicit flow-down liability and security obligations.
Current Subprocessors
| Subprocessor Name | Purpose / Service Provided | Processing Location | Data Types Processed |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, server hosting, and database storage | Canada & United States | Primary databases, backups, and analytics metadata. |
| Google Cloud Platform (GCP) | Cloud infrastructure, server hosting, and database storage | Canada & United States | Primary databases, backups, and analytics metadata. |
| Twilio Inc. | Telecommunications, SMS delivery, and voice call routing | United States / Global | SMS/Voice content, phone numbers, and delivery metadata. |
| Stripe Inc. | Payment processing, subscription billing, and invoicing | United States / Global | Payment tokens and checkout metadata (no raw credit card numbers). |
| ElevenLabs | AI voice synthesis for automated calls and IVR | United States | Recorded voice data, transcripts generated by the Service. |
Updates to this Registry
As our platform grows, our underlying infrastructure may evolve. In accordance with our DPA, Bitbrains will update this online registry at least fifteen (15) days prior to authorizing any new material subprocessor to process Customer Data, except in emergency circumstances where a subprocessor must be immediately replaced to maintain platform security or Service availability. In such emergencies, Bitbrains will update the registry and notify Customers as soon as commercially practicable. It is the Customer's responsibility to periodically review this registry for updates.
Customers acknowledge that the Services are provided in a strictly multi-tenant environment and accept the use of the Subprocessors listed in the registry. If a customer objects to a new subprocessor, the Customer's sole and exclusive remedy is to terminate their subscription via the self-serve dashboard prior to the new subprocessor's authorization date.
Questions?
For questions about this Subprocessor Registry or our data processing practices, contact:
Bitbrains Inc.
Email: studio@bitbrains.ca