How to read this page
We separate third parties into three categories:
- Customer-direct integrations. Each customer signs up for an account directly with the provider; data flows from the customer’s Appliance to the provider under the customer’s own contract with that provider. Dino RD&C is the technical integrator only and is not a subprocessor of these services for the customer’s data.
- Dino-controlled subprocessors. Dino RD&C contracts with these providers on its own behalf. Customer data may flow through these providers. Where it does, the flow is described.
- Optional / opt-in. Activated only when the customer chooses to enable a feature that uses the provider.
For each provider we list the role, the data category that flows, and where the provider is located.
Customer-direct integrations (not Dino RD&C subprocessors)
These services are owned by the customer’s own accounts. The customer is responsible for the relationship and for any data shared with the provider. Dino RD&C does not store or proxy the data. Dino RD&C provides the technical integration only.
| Provider | Role | Data category | Location |
|---|---|---|---|
| Stripe | Payment processing — invoices, payment links, payouts | Cardholder data and payment metadata under customer’s Stripe account | USA |
| Twilio | Voice and SMS telephony — programmable voice, media streams, SMS, 10DLC | Call audio and SMS contents under customer’s Twilio account | USA |
| Gmail / Google Workspace | Email integration — inbox, sending, threading | Email under customer’s Gmail/Workspace account | USA |
When a customer enables a customer-direct integration, the customer is responsible for reviewing and accepting the provider’s terms.
Dino-controlled subprocessors
These providers are engaged by Dino RD&C and are subject to written agreements that include data-protection obligations consistent with our DPA.
| Provider | Role | Data category | Location |
|---|---|---|---|
| Cloudflare | Cloud relays — Cloudflare Workers (Meta webhook signature relay), Cloudflare Tunnel (per-customer routing to Appliance) | Pure pass-through; no business data persisted on Cloudflare | USA |
| Apple | Hardware (Appliance), operating system, manufacturer warranty, Apple Business Manager device enrollment | Device identifiers, MDM enrollment metadata | USA |
| Mosyle | Mobile Device Management for Appliance lockdown and configuration | Device configuration metadata | USA |
| Bright Data | B2B web data acquisition — used for outbound lead enrichment workflows | Public business data; not personal information of customer’s customers | USA / Israel |
| Google (OAuth, Maps/Places) | OAuth identity for sign-in; Maps and Places APIs for routing and lead workflows | OAuth identifiers; map / place query metadata | USA |
| Meta (Facebook, Instagram, WhatsApp Business) | Source platform for inbound messaging, page management, ads, and insights via the Dino-managed Meta app | Pass-through messaging payloads to Customer’s Appliance; no persistent storage on Dino infrastructure | USA |
| LinkedIn (planned) | B2B lead enrichment — adding LinkedIn-derived company and contact context to leads | Public business data | USA |
| X (formerly Twitter) | Social posting and monitoring features | Public posts and engagement metadata | USA |
Where the Cloudflare Worker fits
The Cloudflare Worker that relays Meta webhook events validates Meta’s signature, optionally enriches headers, and forwards the request through the Cloudflare Tunnel to the customer’s Appliance. The Worker does not write request bodies to any persistent store. The Appliance is the system of record.
Optional / opt-in
These providers are engaged only when a customer activates the corresponding feature.
| Provider | Role | Data category | Location | When engaged |
|---|---|---|---|---|
| Cloud LLM provider (e.g., OpenAI, Anthropic, similar) | Cloud language model fallback for selected workloads | Prompt and completion contents for the routed request only | USA | Off by default; opt-in by customer |
| Cloud backup provider | Encrypted off-site backup of Appliance data | Encrypted Customer Data | USA | Off by default; paid add-on |
| Email-deliverability provider | Outbound email infrastructure | Email metadata and contents | USA | When customer enables Dino-managed outbound email |
| Marketing-site analytics, demo-booking, and email-capture tools | Operating dinoaihost.com | Website visitor data (see Cookie Policy) | USA | Site-wide; not customer-data subprocessors |
The marketing-site providers in the last row do not Process Customer Data. They Process website visitor data on dinoaihost.com only. The specific vendors used are reflected in our Cookie Policy and may change from time to time without prior notice.
Changes
Dino RD&C will give at least 30 days’ advance notice before adding a new Subprocessor that will Process Personal Information of customers. Customers subscribed to subprocessor notifications will receive an email; this page will be updated and the version number incremented.
Contact
QUESTIONS · [email protected]