Sub-processors
A sub-processor is a third party that handles personal data on Figo’s behalf as part of delivering the platform. Like most SaaS providers, we maintain a small set of sub-processors covering database storage, AI inference, voice transport, transactional email, and operational tooling.
We share the current sub-processor list with customers and prospective customers on request. It’s available alongside our Data Processing Agreement, so you can review both as part of your procurement / vendor-risk-management process.
1. What you’ll receive
- The current list of sub-processors, with vendor name, the category of data they handle, their region of operation, and a link to their own Data Processing Agreement.
- A summary of the transfer mechanism (Standard Contractual Clauses or equivalent) for any vendor outside the EU/EEA or UK.
- The change-notification commitment: at least 30 days’ notice before adding a new sub-processor that handles customer or candidate data, or changing the role of an existing one.
2. How to request
Email hello@usefigo.com with the subject line Sub-processor list request and include:
- Your organisation’s legal name.
- Whether you’re also requesting our DPA at the same time.
- Your jurisdictions of operation, if known, so we can include any jurisdiction-specific notes.
We typically reply within one business day with the current list and ongoing change-notification subscription.
3. Architecture summary (no vendor names)
For a high-level picture without the vendor specifics, our platform comprises:
- A managed Postgres database with authentication in the European Union.
- AI inference (language model, speech-to-text, text-to-speech) running in the European Union. No audio is recorded.
- Real-time voice transport in the European Union.
- Transactional email delivery from a provider operating under Standard Contractual Clauses.
- Operational tooling (background workflows, error monitoring, rate-limiting cache) running primarily in the European Union, with the few US-located components under SCCs.
Full architectural detail is in our Security overview.