Subprocessors & Infrastructure Providers

Privacy Policy

Subprocessors & Infrastructure Providers

Transparency pursuant to Article 28 GDPR

Overview

FinSuites, LLC (“FinSuites”) provides its Services as a data processor within the meaning of Article 28 GDPR where personal data is processed on behalf of Customers and engages trusted subprocessors (sub-processors) to support the provision, operation, security and improvement of its Services.

This page provides an up-to-date overview of subprocessors in accordance with Article 28 GDPR.
Subprocessors process personal data solely on FinSuites’ documented instructions or as required by applicable law and are bound by contractual data protection obligations no less protective than those set forth in FinSuites’ Data Processing Agreement (DPA).

Depending on the Services used and configurations selected by the Customer, subprocessors may process contact data, communication metadata, usage data, technical identifiers and limited transactional metadata.

Core Platform & Infrastructure

Subprocessor

Purpose

Processing Location

GoHighLevel / LeadConnector

Core SaaS platform, CRM, communications and underlying infrastructure

United States

Note:
FinSuites operates the Services as a white-label implementation of the GoHighLevel / LeadConnector platform.
GoHighLevel is responsible for the underlying technical infrastructure and may engage additional infrastructure or technology providers as subprocessors, in accordance with its own data processing agreements and applicable data protection law.

Payments & Billing

Subprocessor

Purpose

Processing Location

Stripe

Payment processing

United States / EU

PayPal

Payment processing

United States / EU

FinSuites does not store full payment card details.

Email, Messaging & Telephony

(where enabled and configured by the Customer)

Subprocessor

Purpose

Processing Location

Mailgun

Transactional and marketing email delivery

United States

Twilio

SMS, voice and messaging services

United States

WhatsApp (Meta Platforms)

Messaging integrations

United States

Processing by these subprocessors occurs only where enabled by the Customer and strictly for the purposes selected and configured within the Services.

Analytics, Advertising & Tracking

(where enabled and configured by the Customer)

Subprocessor

Purpose

Processing Location

Google Analytics

Usage analytics

United States / EU

Google Ads

Advertising and conversion tracking

United States

Meta Platforms

Advertising, attribution and analytics

United States

Use of analytics and advertising subprocessors is subject to the Customer’s configuration choices and applicable consent requirements.

Support & Communications

Subprocessor

Purpose

Processing Location

Google Workspace (Gmail)

Customer support and internal communications

United States / EU

Customer-Enabled Integrations & Marketplace Applications

Customers may enable additional third-party integrations or marketplace applications at their discretion.

Such third parties act as independent controllers or processors under their own terms and privacy policies.
FinSuites is not responsible for the data processing practices of customer-enabled integrations.

International Data Transfers

Where personal data is processed outside the European Economic Area, FinSuites relies on appropriate safeguards, including:

the EU-U.S. Data Privacy Framework (DPF), where applicable, and/or

Standard Contractual Clauses (SCCs) adopted by the European Commission.

Where a subprocessor is not certified under the EU-U.S. Data Privacy Framework, FinSuites relies on Standard Contractual Clauses or equivalent safeguards.

Where personal data is transferred onward by subprocessors, equivalent safeguards are contractually required.

Subprocessor Changes

FinSuites may add or replace subprocessors from time to time.

Where required by applicable data protection law, FinSuites will provide prior notice of material changes to its subprocessors.

Customers may object to a new subprocessor only on documented and substantiated data protection grounds.
Any objection must be raised within fourteen (14) days of receipt of the notification of the new subprocessor.

If no commercially reasonable alternative exists, the Customer’s sole remedy is termination of the Services in accordance with the Terms and Conditions.

Updates

This Subprocessor List may be updated from time to time.
The current version is always available via this document or the corresponding online version.

Contact

If you have questions regarding subprocessors or data processing, please contact:

FinSuites, LLC
Email: [email protected]

Explore a better way to grow

(307) 394-4030

We’re on a mission to build a better future where technology creates good jobs for everyone.

Subprocessors & Infrastructure Providers

Subprocessors & Infrastructure Providers

Transparency pursuant to Article 28 GDPR

Overview

FinSuites, LLC (“FinSuites”) provides its Services as a data processor within the meaning of Article 28 GDPR where personal data is processed on behalf of Customers and engages trusted subprocessors (sub-processors) to support the provision, operation, security and improvement of its Services.

Depending on the Services used and configurations selected by the Customer, subprocessors may process contact data, communication metadata, usage data, technical identifiers and limited transactional metadata.

Core Platform & Infrastructure

Subprocessor

Purpose

Processing Location

GoHighLevel / LeadConnector

Core SaaS platform, CRM, communications and underlying infrastructure

United States

Payments & Billing

Subprocessor

Purpose

Processing Location

Stripe

Payment processing

United States / EU

PayPal

Payment processing

United States / EU

FinSuites does not store full payment card details.

Email, Messaging & Telephony

(where enabled and configured by the Customer)

Subprocessor

Purpose

Processing Location

Mailgun

Transactional and marketing email delivery

United States

Twilio

SMS, voice and messaging services

United States

WhatsApp (Meta Platforms)

Messaging integrations

United States

Processing by these subprocessors occurs only where enabled by the Customer and strictly for the purposes selected and configured within the Services.

Analytics, Advertising & Tracking

(where enabled and configured by the Customer)

Subprocessor

Purpose

Processing Location

Google Analytics

Usage analytics

United States / EU

Google Ads

Advertising and conversion tracking

United States

Meta Platforms

Advertising, attribution and analytics

United States

Use of analytics and advertising subprocessors is subject to the Customer’s configuration choices and applicable consent requirements.

Support & Communications

Subprocessor

Purpose

Processing Location

Google Workspace (Gmail)

Customer support and internal communications

United States / EU

Customer-Enabled Integrations & Marketplace Applications

Customers may enable additional third-party integrations or marketplace applications at their discretion.

Such third parties act as independent controllers or processors under their own terms and privacy policies.FinSuites is not responsible for the data processing practices of customer-enabled integrations.

International Data Transfers

Where personal data is processed outside the European Economic Area, FinSuites relies on appropriate safeguards, including:

Where a subprocessor is not certified under the EU-U.S. Data Privacy Framework, FinSuites relies on Standard Contractual Clauses or equivalent safeguards.

Where personal data is transferred onward by subprocessors, equivalent safeguards are contractually required.

Subprocessor Changes

FinSuites may add or replace subprocessors from time to time.

Where required by applicable data protection law, FinSuites will provide prior notice of material changes to its subprocessors.

Customers may object to a new subprocessor only on documented and substantiated data protection grounds.Any objection must be raised within fourteen (14) days of receipt of the notification of the new subprocessor.

If no commercially reasonable alternative exists, the Customer’s sole remedy is termination of the Services in accordance with the Terms and Conditions.

Updates

This Subprocessor List may be updated from time to time.The current version is always available via this document or the corresponding online version.

Contact

If you have questions regarding subprocessors or data processing, please contact:

FinSuites, LLCEmail: [email protected]

Explore a better way to grow

Such third parties act as independent controllers or processors under their own terms and privacy policies.
FinSuites is not responsible for the data processing practices of customer-enabled integrations.

Customers may object to a new subprocessor only on documented and substantiated data protection grounds.
Any objection must be raised within fourteen (14) days of receipt of the notification of the new subprocessor.

This Subprocessor List may be updated from time to time.
The current version is always available via this document or the corresponding online version.

FinSuites, LLC
Email: [email protected]