Sub-processors
Effective May 2, 2026
Spartan Financial Solutions uses the following third parties to deliver the Service. Each is bound by a Data Processing Agreement consistent with our Privacy Policy. We notify customers at least 15 days in advance of adding a new sub-processor.
| Vendor | Purpose | Data shared | Region | DPA |
|---|---|---|---|---|
| Vercel | Application hosting, edge network, deployment | All app traffic; transient request bodies | United States | View |
| Neon | Postgres database hosting (primary data store) | All persistent data: contacts, policies, messages, audit logs | United States (us-east-2) | View |
| Anthropic | Generative AI inference (Claude) for Copilot, compliance scans, voice scripts | Prompts and tool-call results; we do not enable training on user data | United States | View |
| Twilio | SMS delivery and voice telephony | Outbound + inbound SMS bodies, phone numbers, message metadata | United States | View |
| Vapi | AI voice agent platform (inbound calls + outbound dialing) | Call audio, transcripts, summaries, caller phone numbers | United States | View |
| Stripe | Subscription billing and payment processing | Agency name, billing email, subscription state (no card data — held by Stripe directly) | United States | View |
| Resend | Transactional email (account, billing, alerts) | Email addresses, message bodies, delivery metadata | United States | View |
| OAuth-based Calendar and Gmail integrations (per-user opt-in) | Calendar events and emails the user explicitly grants access to | United States | View | |
| Upstash | Redis-backed rate limiting and ephemeral counters | Hashed user/IP identifiers and request counts; no PII | United States | View |
| Sentry | Error tracking and performance monitoring | Stack traces, request URLs, browser metadata; PII is scrubbed before transmission | United States | View |
Questions about how data flows between Spartan Financial Solutions and any of these vendors? Email privacy@spartan-os.com.