Book a Demo

Pippa PA Sub-Processor Disclosure

Last Updated: November 2025

Powered by HighLevel/LeadConnector Infrastructure

1. Overview

Pippa PA is the Data Controller. We appoint HighLevel / LeadConnector as our primary Data Processor. HighLevel relies on audited, GDPR-compliant sub-processors for secure hosting, telephony, messaging, email, and infrastructure. Pippa PA does not add any other sub-processors outside this list.

2. Primary Sub-Processor

HighLevel / LeadConnector LLC Core Platform

  • Role – CRM, databases, automations, call & message logs, AI routing
  • Location – United States
  • Legal Basis – SCCs & EU-US/UK DPF certification
  • Security – Encryption, backups, SOC-aligned controls

3. Telephony & Messaging

Twilio Inc.

  • Numbers, call routing & forwarding
  • SMS sending & receiving
  • Optional transcription
  • USA • SCCs • DPF

WhatsApp Business API Providers (via HighLevel)

HighLevel may use Meta-approved providers such as 360dialog, Twilio WhatsApp API or Gupshup for WhatsApp messaging. All operate under GDPR-compatible agreements.

4. Email Delivery

  • SendGrid (Twilio SendGrid Inc.) – transactional & outbound email
  • Mailgun / MailerSend / LC Email – marketing & system notifications (region dependent)

5. Hosting & Cloud Infrastructure

  • Google Cloud Platform (GCP) – core hosting & encrypted storage
  • Amazon Web Services (AWS) – scalable compute, databases, backups

Both providers hold SOC 2 & ISO 27001 certifications and operate under SCC/GDPR frameworks.

6. Payments & Billing

Stripe Inc.

  • Subscription charges & refunds
  • PCI-DSS Level 1 compliant
  • Pippa PA never stores full card details

7. Analytics & Support

  • Cloudflare – firewall, DDoS protection, CDN
  • Intercom / support tools – technical support & ticketing (via HighLevel)

8. Sub-Processor Responsibilities

Every sub-processor must follow GDPR & UK GDPR, encrypt data, process only under instruction, maintain confidentiality & audit trails, and never sell data.

9. International Data Transfers

Transfers to the United States rely on SCCs, the EU-US Data Privacy Framework, and the UK Extension, ensuring lawful mechanisms.

10. Changes to Sub-Processors

We update this list when HighLevel changes theirs or we add new integrations. You can request notifications by emailing privacy@pippa-pa.com.

11. Summary

Pippa PA securely relies on: HighLevel/LeadConnector, Twilio, WhatsApp API providers, SendGrid/Mailgun, AWS/GCP, Stripe, and Cloudflare. All are GDPR-compliant and operate under strict processor agreements.

Book Your Demo Call