Legal
Sub-processor Register
Effective 31 May 2026
This register is the authoritative list of the sub-processors Yielde engages to deliver the platform, what they process, where they are hosted, and the cross-border position under POPIA. It is an annex to, and incorporated by reference into, the Yielde Data Processing Agreement.
1. Purpose and how this register links into the DPA
1.1 This register is the named, authorised sub-processor list required to satisfy POPIA section 20 (an operator may process personal information only with the knowledge or authorisation of the responsible party), read with section 21(1) (the mandatory written operator contract). It is incorporated into each customer's Data Processing Agreement ("DPA") by reference.
1.2 Role framing (POPIA section 1). In the typical Yielde engagement the customer is the responsible party for its end-users' and leads' personal information; Yielde is the operator; and the third parties below are sub-processors engaged by Yielde to deliver the service. Separately, Yielde is itself a responsible party for its own site, account, authentication, subscription, and billing data — for that data set, several of these vendors are Yielde's own operators. POPIA roles are function-based: one entity can be operator for one data set and responsible party for another.
1.3 The cross-border rule (POPIA section 72). Where a sub-processor receives personal information outside the Republic, POPIA section 72 applies. Section 72(1) prohibits cross-border transfer subject to five gateways. The principal gateway, section 72(1)(a), is conjunctive — the recipient must uphold processing principles substantially similar to POPIA's conditions and carry substantially similar onward-transfer controls. South Africa has no published adequacy list and no Regulator standard contractual clauses, so we self-assess and document the adequacy of each cross-border recipient and rely on each provider's data-processing terms (plus, where necessary, a POPIA onward-transfer rider).
2. In-region sub-processors (no cross-border transfer)
| Sub-processor | Purpose | Data categories (indicative) | Location |
|---|---|---|---|
| AWS (af-south-1, Cape Town) | Hosting for the per-tenant automation stack (automation, database, cache); tenant isolation | Lead/end-user PI inside tenant automations; tenant config; logs | South Africa |
| Paystack | Payments — recurring ZAR subscription and usage billing | Billing identifiers, transaction metadata, account email | South Africa |
| Documenso (self-hosted) | E-signature for the in-portal DPA signing flow | DPA signatory name, email, signature, audit trail | South Africa (self-hosted on Yielde infrastructure) |
3. Cross-border sub-processors (each subject to POPIA section 72)
| Sub-processor | Purpose | Data categories (indicative) | Location |
|---|---|---|---|
| OpenRouter | LLM gateway/router downstream of Yielde's AI gateway; routes prompts to upstream providers | Prompt content (may contain lead/end-user PI); model metadata | United States / global |
| OpenAI | LLM inference (direct fallback) | Prompt content (may contain lead/end-user PI) | United States |
| Anthropic | LLM inference (direct fallback) | Prompt content (may contain lead/end-user PI) | United States |
| Retell | Voice-AI receptionist | Call audio/transcripts, caller identifiers, prompt content | United States |
| Resend | Transactional email (account, lifecycle, notifications) | Recipient email address, name, message content/metadata | United States |
| Twilio | Telephony for the voice channel | Phone numbers, call metadata, possibly call content | United States |
| Vercel | Hosting for the marketing site and client portal | Account/portal identifiers, IP/usage logs, edge-processed request data | United States / global edge |
| Cloudflare | DNS and access SSO | IP addresses, request metadata, SSO identifiers | Global |
| Supabase | Application database — auth, account lifecycle, subscriptions, credit ledger | Account email, auth identifiers, subscription and credit-ledger data | Region to confirm |
The most significant cross-border flow is the LLM chain (AI gateway → OpenRouter → OpenAI / Anthropic, US-hosted), because prompts can carry personal information and the onward-transfer limb of section 72(1)(a) is engaged more than once. AWS af-south-1, Paystack, and self-hosted Documenso keep their data in-region, which is a deliberate compliance positive.
4. Mitigations carried down through the DPA
For every cross-border sub-processor above, the DPA and this register provide for:
- Binding agreement per vendor — each provider's data-processing agreement / standard contractual clauses, plus, where needed, a POPIA section 72 onward-transfer rider.
- Data minimisation — minimising or redacting personal information from lead data, where feasible, before it enters the LLM chain (POPIA sections 10 and 15).
- No training on customer data — contractual confirmation that API data is not used to train or improve models, recorded per vendor.
- Onward-transfer flow-down — each sub-processor must bind its own sub-processors to substantially similar protections (section 72(1)(a)).
- Back-to-back breach-notification — each sub-processor must notify Yielde promptly enough for Yielde to meet its section 21(2) duty to the customer.
- Region selection — confirming Supabase's region and preferring a South African region where feasible.
- Prior-authorisation screen — screening each flow for special personal information (section 26) or children's personal information (section 34) that would trigger section 57(1)(d) prior authorisation before being routed cross-border.
5. Change-notification policy
5.1 Source of truth. Yielde maintains this register as the authoritative list of authorised sub-processors, incorporated into each customer's DPA by reference.
5.2 Advance notice. Before adding a new sub-processor, or making a material change to an existing one (new data categories, a new hosting country, or a change that creates or worsens a cross-border transfer), Yielde will give affected customers at least 30 days' advance written notice identifying the sub-processor, its purpose, data categories, hosting location, whether the change is cross-border, and the proposed section 72 basis.
5.3 Right to object. A customer may object on reasonable, good-faith data-protection grounds within the notice period. Yielde and the customer will discuss the objection in good faith and seek a commercially reasonable resolution. If none is reached, the customer may terminate the affected service without penalty for the unexpired prepaid term, on written notice. Absent a timely objection, the customer is deemed to have authorised the change at the end of the notice period.
5.4 Emergency replacements. Where a sub-processor must be replaced urgently for security, legal-compliance, or service-continuity reasons, Yielde may make the change before the notice period expires, giving notice as soon as reasonably possible thereafter, with the customer's objection right preserved.
6. Breach-notification interaction (POPIA sections 21(2), 22)
6.1 As operator, on reasonable grounds to believe personal information has been accessed or acquired by an unauthorised person — at Yielde or at any sub-processor — Yielde must notify the customer immediately (POPIA section 21(2)).
6.2 The customer (responsible party) then notifies both the Information Regulator and affected data subjects under POPIA section 22, as soon as reasonably possible after discovery. Yielde will contractually assist the customer to make that notification.
7. Contact
Questions about this register can be directed to Splice Computers (Pty) Ltd, trading as Yielde · 55 York Street, George, Western Cape, 6529 · support@yielde.dev. For how personal information is handled more broadly, see our Privacy Policy.