Trust
Subprocessors
Bella uses the following subprocessors to deliver the platform. Each is reviewed for security posture before onboarding and on an annual cadence thereafter. We do not sell customer data and we do not permit subprocessors to use customer data to train models or to advertise.
1. Active subprocessors
| Subprocessor | Purpose | Data categories | Location |
|---|---|---|---|
| Google Cloud Platform | Compute, managed PostgreSQL, object storage, backups. | All customer data at rest. | United States. |
| Cloudflare | CDN, WAF, DNS, DDoS protection, TLS termination. | In-transit traffic only; no persistent storage of customer data. | Global edge; US legal entity. |
| Intuit (QuickBooks Online) | Accounting integration. Tenants authorize their own QuickBooks data access via OAuth. | Tenant chart of accounts, transactions, vendors, customers (as authorized by the tenant). | United States. |
| Plaid Inc. | Bank account connectivity for transaction ingestion. Tenants authorize via Plaid Link. | Bank account metadata, transaction history, balances. | United States. |
| Stripe | Subscription billing, payment processing. | Tenant billing identifiers, subscription state, payment method tokens. No card numbers persist in Bella. | United States. |
| Twilio | SMS and voice for customer-facing messaging. | Recipient phone numbers, message content, delivery status. | United States. |
| Telnyx | SMS / voice for selected tenant routing. | Recipient phone numbers, message content, delivery status. | United States. |
| OpenAI | AI inference for selected features (voice agent, conversation assist). | Feature-specific prompt content only. | United States. |
| Anthropic | AI inference for color analysis, dispense coaching, and messaging assist. | Feature-specific prompt content only. | United States. |
| Google (Ads & Business Profile) | Advertising platform integration for tenants who opt in. | Ad-campaign data, conversion events, business profile data (as authorized by the tenant). | United States. |
AI providers (OpenAI, Anthropic) process only the feature-specific input data necessary to deliver enabled AI features. Bella does not transmit customer financial credentials, bank account numbers, or restricted-classification data to AI providers. Where the provider offers a no-training option for API traffic, Bella uses it.
2. Vendor security review process
- Pre-onboarding review — before integrating any new subprocessor that will touch confidential or restricted-classification customer data, Bella reviews their security posture: SOC 2 or ISO 27001 report where available, data processing terms, breach notification commitments, sub-subprocessor list, and data location.
- Risk acceptance — the integration is approved by the policy owner with a brief written justification recorded internally.
- Annual review — each subprocessor is re-reviewed at least annually. Material changes in the provider's posture (loss of certification, security incident, change of ownership) are reviewed promptly.
- Termination — when a subprocessor is removed, any access tokens are revoked, persisted data is purged from Bella consistent with the Retention Policy, and the data the provider holds is deleted per the contractual terms.
3. Notification of changes
Material changes to this list (a new subprocessor handling confidential or restricted-classification data, removal of an active one) are reflected here. Tenants on contracts that include a subprocessor-notification commitment are notified directly via email at the contact on file.