Sub-Processors

Current list of sub-processors Finsi engages to deliver the platform. Categorized by function, with the data each one may access and the location of processing.

Last Updated: May 15, 2026

Company: Finsi (finsi.ai)


Overview

Finsi engages a small number of third-party services to operate the platform. This page lists every sub-processor that may access customer data on our behalf, categorized by function. We update this list whenever a sub-processor is added or removed.

Customers can subscribe to change notifications by emailing privacy@finsi.ai. We notify subscribers at least 14 days before adding a new sub-processor that will process customer data.

This list does not include third-party platforms that customers connect to Finsi (Shopify, Klaviyo, Meta Ads, Google Ads, Recharge, etc.). Those are customer-controlled integrations where the customer owns the relationship with the third party. Finsi accesses those platforms only via OAuth credentials the customer grants, with the scopes the customer authorizes.


1. Cloud Infrastructure

| Sub-processor | Purpose | Data accessed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Application hosting, compute, storage (RDS, S3), KMS, networking | All customer data at rest and in transit | United States (us-east-1) |
| AWS Redshift | Analytics warehouse for aggregated customer data | Aggregated customer data for analysis and reporting | United States (us-east-1) |

AWS holds SOC 2 Type II, ISO 27001, PCI DSS, and other independent attestations.


2. Artificial Intelligence and Language Models

When Finsi generates recommendations, weekly memos, email copy, or other AI-driven outputs, customer data may be processed by the providers below. We use providers with enterprise privacy commitments that do not train on customer prompts or outputs.

| Sub-processor | Purpose | Data accessed | Location |
|---|---|---|---|
| Anthropic (via AWS Bedrock) | Primary LLM for analysis, recommendations, copy generation | Customer business data, prompts | United States (us-east-1) |
| OpenAI | Fallback LLM and embeddings | Customer business data, prompts | United States |
| Google (Gemini paid API) | Specialized analysis for image and multimodal use cases | Customer business data, prompts | United States |
| Nano Banana | Ad creative image generation | Customer prompts, brand assets | United States |

All LLM providers above are accessed under paid/enterprise terms and are contractually bound to not train on customer data when accessed via Finsi.


3. Data Integration and Sync

| Sub-processor | Purpose | Data accessed | Location |
|---|---|---|---|
| Nango | OAuth broker for 50+ third-party platform integrations | OAuth refresh tokens (encrypted), connection metadata | United States / Europe |
| Airbyte | Data sync between connected platforms and Finsi's warehouse | Customer business data flowing into the warehouse | United States |


4. Application Services

| Sub-processor | Purpose | Data accessed | Location |
|---|---|---|---|
| Resend | Transactional email (account notifications, audit reports, weekly memos) | Email addresses, content of notifications | United States |
| Stripe | Payment processing | Billing data, payment method (card data stored only by Stripe, never by Finsi) | United States |
| PostHog | Product analytics and feature usage telemetry | Account email, in-app event data; no customer business data | United States |
| Attio | Customer relationship management; customer business data syncs from Finsi for sales and account management | Account contacts, company data, communication history, synced business metrics | United States |


5. Categories Not Listed

Customer-controlled integrations. Shopify, Klaviyo, ActiveCampaign, Postscript, Attentive, Meta Ads, Google Ads, TikTok Ads, Recharge, Appstle, Stay AI, Gorgias, Zendesk, Google Analytics, Shopify Search Console, and similar platforms are not Finsi sub-processors. Customers own the contractual relationship with these platforms. Finsi accesses them via OAuth or API keys the customer provides, with the scopes the customer authorizes.

Open-source dependencies. Software libraries (Next.js, React, PostgreSQL, etc.) used to build the platform are not sub-processors. They do not receive customer data.


6. Subscribing to Change Notifications

To receive notification when this list changes, email privacy@finsi.ai with the subject "Sub-processor notifications" and the email addresses to notify.

We commit to notifying subscribers at least 14 days before adding a new sub-processor that will process customer data, and immediately when removing one.

Customers may object to a new sub-processor by emailing privacy@finsi.ai within the notification window. If we cannot accommodate the objection through alternate technical or commercial arrangements, the customer may terminate the affected service without penalty.


7. Audit and Documentation Requests

Customers under NDA may request:

  • Copies of relevant SOC 2 reports for sub-processors that maintain them (AWS, Neon, Stripe, others)
  • Data Processing Agreements (DPAs) we have in place with each sub-processor
  • Our internal vendor security review documentation

Send requests to security@finsi.ai.


Contact

  • Privacy: privacy@finsi.ai
  • Security: security@finsi.ai
  • Sub-processor change notifications: privacy@finsi.ai (subject "Sub-processor notifications")
