Sub-processors
Last updated: 13 July 2026
On this page
- 1. Introduction
- 1.1 What is a Sub-processor?
- 1.2 Why we publish this list
- 1.3 Updates, notice, and the objection right
- 2. Current Sub-processors
- 2.1 Cloud & Hosting
- 2.2 Messaging Platform
- 2.3 Payments
- 2.4 Other operational services
- 3. Data Residency and Onward International Transfers
- 4. How to Object to a New Sub-processor
- 5. Last Updated and Contact
Owned and provided by AIO Infinity Private Limited (parent company) Website: https://www.infiq.in Effective / Last Updated: 13 July 2026
Summary (non-binding). This page lists the third-party Sub-processors that InfiQ uses to help provide its WhatsApp Business API (CPaaS) platform, what each one does, and where it Processes data. All Sub-processors below currently Process data in data centres located in India. This list is kept up to date; InfiQ notifies Customers of material additions or replacements and lets you object on reasonable data-protection grounds. Questions: privacy@infiq.in.
1. Introduction
InfiQ is a WhatsApp Business API (CPaaS) platform owned and provided by its parent company, AIO Infinity Private Limited (CIN U62013MP2025PTC074108; GSTIN 23ABBCA9125H1ZX), 54, Old Subhash Nagar, Bhopal – 462023, Madhya Pradesh, India ("InfiQ", "we", "us", "our"). This page identifies the Sub-processors we engage to deliver, operate, secure, and support the InfiQ platform (the "Service").
1.1 What is a Sub-processor?
A Sub-processor is a third party (including any InfiQ affiliate) that we engage to Process Customer Data on our behalf in order to deliver, operate, secure, and support the Service. When you (the Customer, acting as Controller / Data Fiduciary) use InfiQ, InfiQ acts as your Processor / Data Processor, and the Sub-processors listed below act as our sub-processors.
Each Sub-processor Processes Customer Data only to the extent needed to perform the specific service it provides to InfiQ, and under a written contract that imposes data-protection obligations equivalent in substance to those in our Data Processing Agreement (DPA) (https://www.infiq.in/dpa). InfiQ remains fully liable to the Customer for the performance of each Sub-processor's data-protection obligations.
Capitalised terms used but not defined here have the meanings given to them in the InfiQ DPA and the shared definitions of the InfiQ legal suite.
1.2 Why we publish this list
We publish this list for transparency and to satisfy our commitments under the DPA and Applicable Data Protection Law (India's DPDP Act 2023, the EU/UK GDPR, and the CCPA/CPRA). It lets you assess our supply chain and exercise your objection right (Section 4).
1.3 Updates, notice, and the objection right
Under Section 6 of the DPA, you have granted InfiQ general written authorisation to engage Sub-processors. This list may be updated from time to time as our services evolve. Before a new Sub-processor begins Processing Customer Data, or before InfiQ replaces an existing one, InfiQ will:
- give you at least ten (10) days' advance notice of the material addition or replacement; and
- allow you to object on reasonable data-protection grounds within that notice period, with the remedies (including a pro-rata refund and termination of the affected Service) described in the DPA.
Subscribe to change notifications. To be notified of changes to this list, email privacy@infiq.in with the subject line "Subscribe — Sub-processor updates" and the account / domain you use with InfiQ. Where a self-service subscription option is available in the InfiQ dashboard, you may also subscribe there.
2. Current Sub-processors
The "Processing location" column indicates where the Sub-processor Processes or stores Customer Data. All Sub-processors below currently Process Customer Data in India. Where a Customer sends EU/UK or other regulated Personal Data into India, transfers are safeguarded as described in Section 3.
2.1 Cloud & Hosting
| Sub-processor | Purpose | Processing location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, compute, and storage — virtual private cloud, application servers, managed databases, and object storage for running the Service. | India |
| Microsoft Azure | Cloud hosting and related cloud services supporting the Service. | India |
| Google Cloud (GCP) | Cloud hosting and related cloud services supporting the Service. | India |
2.2 Messaging Platform
| Sub-processor | Purpose | Processing location |
|---|---|---|
| Meta Platforms, Inc. / WhatsApp LLC | The WhatsApp Business API / Cloud API on which the Service operates. Meta Processes WhatsApp message content, media, and related metadata to transmit and deliver messages between the Customer and its End Users / Recipients, under the WhatsApp Business Data Processing Terms and the other Meta Terms. This is an essential Sub-processor — the Service cannot be provided without it. | Localised to India |
Note on WhatsApp message processing. Because the Service is built on the WhatsApp Business API, all messages you send and receive through InfiQ are necessarily Processed by Meta / WhatsApp. Meta's handling of that data is governed by the Meta Terms and Meta's own retention and security practices, which are outside InfiQ's direct control. See Section 6.5 and Section 10.5 of the DPA.
2.3 Payments
| Sub-processor | Purpose | Processing location |
|---|---|---|
| Zoho Payments | Payment processing for Subscription Fees and Prepaid Credits / Wallet top-ups; billing and invoicing support. | India |
| Razorpay | Payment processing for Subscription Fees and Prepaid Credits / Wallet top-ups; billing and invoicing support. | India |
Note. Payment Sub-processors typically Process the billing contact and payment data of the Customer's own account (not End-User message content). Card data is handled by the payment provider as a PCI-DSS-compliant processor; InfiQ does not store full card numbers. Additional payment processors may be added from time to time and will be reflected on this page.
2.4 Other operational services
In addition to the Sub-processors listed above, InfiQ may use additional operational Sub-processors to run the Service — for example, for email / notification delivery, analytics, monitoring and error tracking, and customer-support tooling. Where InfiQ engages such a Sub-processor to Process Customer Data, InfiQ will update this list and give notice of material additions in accordance with Section 1.3, so that Customers can exercise the objection right in Section 4.
3. Data Residency and Onward International Transfers
All InfiQ data centres are currently located in India. The cloud infrastructure providers above (AWS, Microsoft Azure, and Google Cloud) are configured to use India data-centre regions, and the WhatsApp Business API / Meta Cloud API used by the Service is localised to India. In the ordinary course, the Service does not export Customer Data out of India.
Where a Customer (or a Controller on whose behalf the Customer acts) sends Personal Data that is subject to the EU GDPR, the UK GDPR, or another Applicable Data Protection Law into India by using the Service, that transfer into India may be a Restricted Transfer. For such transfers, InfiQ ensures that an appropriate transfer mechanism is in place, as described in Section 7 of the DPA, including:
- the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module Two and, where relevant, Module Three) for transfers subject to the EU GDPR;
- the UK International Data Transfer Addendum (UK IDTA) for transfers subject to the UK GDPR;
- reliance, where applicable, on the EU–US / UK Extension / Swiss–US Data Privacy Framework for any validly self-certified Sub-processor; and
- compliance with the DPDP Act 2023 and any cross-border transfer conditions notified by the Central Government of India.
Encryption in transit (TLS 1.2 / 1.3) and at rest (AES-256, with databases encrypted to industry standards) and the other technical and organisational measures in Annex II of the DPA apply as supplementary safeguards to these transfers.
4. How to Object to a New Sub-processor
If we notify you of a new or replacement Sub-processor and you have a reasonable data-protection concern, you may object as follows:
- Write to us at privacy@infiq.in within ten (10) days of the notice, with the subject line "Sub-processor objection".
- Tell us your grounds — identify the Sub-processor and describe your specific, reasonable data-protection concern (for example, the Processing location, the security posture, or an adequacy / transfer issue).
- We will work with you in good faith to address the concern — for example, by describing additional safeguards, offering an alternative configuration, or (where feasible) making the Service available without the objected-to Sub-processor.
- If we cannot resolve it, you may, as your sole and exclusive remedy, terminate the affected part of the Service, and we will provide a pro-rata refund of any prepaid Subscription Fees for the unused portion of the then-current term for that affected Service, as set out in Section 6.3 of the DPA.
If you do not object within the notice period, you are deemed to have authorised the new or replacement Sub-processor. Note that Meta / WhatsApp is an essential Sub-processor (Section 2.2); an objection to Meta can, as a practical matter, only be resolved by terminating the affected Service.
5. Last Updated and Contact
Last updated: 13 July 2026
For questions about this page, about our Sub-processors, or to subscribe to change notifications or lodge an objection, contact us:
| Purpose | Contact |
|---|---|
| Privacy / Sub-processor requests | privacy@infiq.in |
| Support | support@infiq.in |
| Grievance redressal (India, DPDP Act / IT Act) | grievance@infiq.in |
| Phone | 022-69621762 (Monday–Friday, 10:00 AM–5:00 PM IST) |
| Postal | AIO Infinity Private Limited (InfiQ), 54, Old Subhash Nagar, Bhopal – 462023, Madhya Pradesh, India |
| Website | https://www.infiq.in |
Related documents: Data Processing Agreement (https://www.infiq.in/dpa) · Privacy Policy (https://www.infiq.in/privacy-policy) · Terms and Conditions (https://www.infiq.in/terms).