1. Overview
1.1 This page lists the third-party subprocessors that VynFi.com LLC (i.G.) ("VynFi") engages to process personal data on behalf of AssureTwin users. A subprocessor is a third-party data processor engaged by VynFi who processes personal data under VynFi's instructions.
1.2 Each subprocessor is bound by a data processing agreement (DPA) that includes the European Commission's Standard Contractual Clauses (SCCs) where applicable, and requires the subprocessor to implement appropriate technical and organizational measures to protect personal data.
1.3 This list is maintained in accordance with Article 28 GDPR and our commitments under our Privacy Policy and customer DPAs.
2. Current Subprocessors
Microsoft Azure
Microsoft Entra ID
Anthropic
Stripe, Inc.
Summary Table
| Name | Purpose | Location | Transfer |
|---|---|---|---|
| Microsoft Azure | Cloud infrastructure, compute, storage, and networking | Switzerland North (Zurich) | EU-U.S. Data Privacy Framework |
| Microsoft Entra ID | Authentication and identity management | United States (global infrastructure) | EU-U.S. Data Privacy Framework |
| Anthropic | AI features (Claude API for chat, recommendations, workpaper generation) | United States | Standard Contractual Clauses (SCCs) |
| Stripe, Inc. | Payment processing | United States | EU-U.S. Data Privacy Framework |
3. Data Categories by Subprocessor
3.1 The following table details the categories of personal data processed by each subprocessor:
Account data, simulation data, technical logs, usage data
Account data (name, email, tenant ID, object ID)
Simulation data only (synthetic financial data, engagement configurations). No personal data except incidental content in user prompts.
Billing data (name, email, payment method details, subscription status).
3.2 For detailed information about the categories of personal data we collect and how they are used, see Section 4 of our Privacy Policy.
4. Change Notification
4.1 We will provide at least 30 days' advance notice before engaging a new subprocessor or materially changing the scope of processing by an existing subprocessor. Notice will be provided via:
- Email notification to the account owner's registered email address
- Update to this subprocessor list page with the proposed effective date
- Notification to subscribers of dpa-updates@assuretwin.com
4.2 Enterprise customers with a DPA may receive additional notice as specified in their agreement.
5. Objection Process
5.1 If you have a reasonable objection to our engagement of a new subprocessor, you may notify us within 30 days of receiving the change notification by contacting privacy@assuretwin.com.
5.2 Your objection must include: (a) the name of the subprocessor you are objecting to; (b) the specific grounds for your objection, including any data protection concerns; and (c) any proposed alternatives or mitigations.
5.3 Upon receiving your objection, we will work in good faith to address your concerns. This may include:
- Providing additional information about the subprocessor's data protection measures
- Implementing additional contractual or technical safeguards
- Offering an alternative subprocessor or processing arrangement where commercially reasonable
5.4 If we are unable to resolve your objection to your reasonable satisfaction, you may terminate your subscription in accordance with Section 12 of our Terms of Service.
6. Contact
For questions about our subprocessors, data processing agreements, or to raise an objection, please contact:
See also: Privacy Policy · Terms of Service · Impressum