R.ai uses a small set of vetted third-party service providers (“subprocessors”) to operate the Service. Each one processes data only on R.ai's documented instructions and under a written contract that includes appropriate confidentiality and security obligations. This page is the current, authoritative list.
| Vendor | What it does | Data processed | Region | Privacy / DPA |
|---|---|---|---|---|
| Vapi (Vapi Labs, Inc.) | Voice AI orchestration — real-time speech-to-text, LLM, text-to-speech | Call audio (excluding payment portion), transcripts, prompt and response data, caller phone number | United States | Privacy · DPA |
| Twilio Inc. | Inbound and outbound telephony and SMS — carrier of record for the ported number, sender of order-confirmation messages | Caller phone number, call metadata (start, end, duration), SMS recipient numbers, SMS body | United States | Privacy · DPA |
| Stripe, Inc. | Payment processor for customer card payments and for restaurant subscription billing. We never store card numbers, CVV, or expiration dates — Stripe tokenizes | Caller-provided card payment tokens, restaurant billing card tokens, transaction metadata | United States | Privacy · DPA |
| Resend (Resend, Inc.) | Transactional email — account confirmations, password resets, billing notices, system alerts | Customer email address, email content | United States | Privacy · DPA |
| Clerk (Clerk, Inc.) | Authentication and user-session management for the Dashboard | Email address, hashed password, session metadata, sign-in events | United States | Privacy · DPA |
| Neon (Neon, Inc.) | Managed Postgres database hosting — primary data store for all account, menu, call, and order records | All Customer Data, Order Data, and Caller records, stored encrypted at rest | United States | Privacy · DPA |
| Vercel Inc. | Application hosting, edge networking, and Vercel Blob storage for call audio recordings | Server logs (IP, user agent), call audio recordings (365-day retention), uploaded assets | United States | Privacy · DPA |
| Anthropic (Anthropic, PBC) | Large-language-model inference for the telephone Agent and the Ask R.ai dashboard assistant | Prompt and response data — call transcripts, system prompts, and assistant queries. Anthropic does not use this data to train its models. | United States | Privacy · DPA |
| Sentry (Functional Software, Inc.) | Application error monitoring — stack traces and limited request metadata for the marketing site and dashboard | Stack traces, error context, redacted request metadata | United States | Privacy · DPA |
| PostHog (PostHog, Inc.) | Product analytics — page views, button clicks, and funnel events for joinrai.com and the dashboard | Page-view events, click events, anonymized session metadata; account identifier for authenticated users | United States | Privacy · DPA |
Before R.ai engages a new subprocessor, R.ai reviews the vendor's security program, available compliance attestations (SOC 2, ISO 27001, PCI-DSS where applicable), data-processing terms, sub-tier vendor practices, and data-residency commitments. R.ai will not engage a subprocessor that cannot meet R.ai's contractual privacy and security commitments to Customers.
Customers who require a standalone Data Processing Agreement may request one by emailing ezra@joinrai.com. R.ai's standard DPA incorporates this Subprocessors list by reference and is updated automatically as this page is updated.
© 2026 Reva.ai LLC For data-handling details, see the Privacy Policy and the Terms of Service.