Sub-processors
List of processors under Art. 28 GDPR engaged to deliver the Service. Changes are communicated to Customers in advance per the customer DPA.
EW-Flow sub-processors (engaged directly by Everywhere S.r.l.)
| Vendor | Purpose | Processing location | Safeguards |
|---|---|---|---|
| Microsoft Corp. (Microsoft Ireland Operations Ltd) | Hosting (Azure App Service), database (Azure Database for MySQL), storage (Azure Blob), authentication (Azure AD B2C), telemetry (Application Insights), Service Bus, Redis, Key Vault, Grafana | EU (Italy North); some global metadata | Microsoft Online Services DPA, EU Data Boundary, SCCs, DPF |
| Stripe Payments Europe Ltd | Payment processing, billing | EU (Ireland) primary; some US processing | Stripe DPA, SCCs, DPF |
| GitHub Inc. | Source code hosting, CI/CD (GitHub Actions) | US | GitHub DPA, SCCs, DPF |
| LLM provider for AI Agent — to be defined | AI Agent response generation | EU (preferred) | DPA with no-training clause |
Customer-configured integrations
The following services are not our sub-processors: the Customer configures them with their own credentials and contracts directly with the vendor. Data flows through EW-Flow but no contractual relationship exists between Everywhere S.r.l. and these vendors.
| Service | Type | Vendor privacy |
|---|---|---|
| Twilio Inc. | SMS, voice | privacy |
| Aculab plc | Telephony | privacy |
| Slack Technologies | Messaging | privacy |
| OpenAI L.L.C. | OpenAI module (LLM) | privacy |
| Microsoft Azure Communication Services | SMS, voice, email, chat (ACS module) | (covered by Customer's Microsoft Online Services DPA where configured by the Customer) |
Change notifications
Changes to the sub-processor list are published on this page and communicated to Customers at least 30 days in advance, except for security or legal urgencies. Customers may object to a change as set out in the customer DPA.
Change history
| Date | Change |
|---|---|
| 2026-05-07 | Initial publication |