Last updated: 2026-05-14. This page lists the third-party service providers Wanabal engages to deliver the Services. We update this list when we add or change a Subprocessor.
Wanabal Corporation ("Wanabal") engages a small number of third-party service providers ("Subprocessors") to help deliver the Wanabal services (the "Services"). This page lists the Subprocessors that may process Customer Personal Information in connection with the Services. "Customer Personal Information" has the meaning given in the Wanabal Privacy Policy, which sets out Wanabal's full data-handling commitments, including the legal bases for processing, retention periods, security safeguards, and the rights available to individuals.
Wanabal is US-based and hosts the Services in the United States. All Subprocessors listed below are also US-based; Wanabal does not currently engage Subprocessors outside the United States to process Customer Personal Information. For Customers located in Canada or Quebec, the cross-border transfer disclosures in the Privacy Policy explain how this affects you and what you can do about it.
Customers may subscribe to advance notice of changes to this list by emailing info@wanabal.com with the subject line "Subprocessor Notifications." Where reasonably practicable, Wanabal will provide subscribed Customers with at least 30 days' advance notice before engaging a new Subprocessor that materially affects the processing of Customer Personal Information.
The table below reflects the Subprocessors Wanabal engages or plans to engage at launch. The "Location" column refers to the jurisdiction in which the Subprocessor primarily processes Customer Personal Information for Wanabal.
| Vendor | Purpose / Function | Data Categories | Location |
|---|---|---|---|
| PropelAuth | Identity, authentication, role and organization management | Authentication credentials, user profile data, role and organization assignments | United States |
| Render | Application hosting (web and backend services) | All Customer Content in transit and in application memory; application and access logs | United States |
| Neon | Managed PostgreSQL database hosting | All persisted Customer Content, including general ledger, entity, and compliance records | United States |
| Supabase Storage | File storage for PDFs (Service Level Agreements, promissory notes, bank statements, compliance exports) | Documents Customer uploads or that the Services generate on Customer's behalf | United States |
| Resend | Transactional email delivery (primary provider) | Email content, recipient address, sender address, delivery and engagement metadata | United States |
| SendGrid | Transactional email delivery (alternate provider / migration path) | Email content, recipient address, sender address, delivery and engagement metadata | United States |
| Twilio | SMS notifications and Twilio Verify (one-time passcodes) | Phone numbers, message content, verification codes, delivery metadata | United States |
| Inngest | Background job orchestration (scheduled jobs, compliance reminders, balance and accrual sync) | Job payloads, which may include Customer identifiers and small Customer Content snippets necessary to execute the job | United States |
| Anthropic (Claude API) | Large language model powering Fynn: drafts of SLAs and promissory notes, bank-statement extraction, categorization suggestions, and Q&A | Fynn prompts and outputs, including the Customer Content snippets passed as context. Processed under Anthropic's enterprise / commercial tier; not used to train Anthropic's models [per Anthropic Commercial Terms] | United States |
| Voyage AI | Vector embeddings for Fynn semantic search and retrieval | Vector embeddings of Customer Content snippets used to ground Fynn responses | United States |
| Plaid | Bank-account OAuth connection and read-only transaction sync | Bank account, balance, and transaction data returned by Plaid; not bank login credentials, which Customer provides directly to Plaid [per Plaid Developer Policy] | United States |
| Intuit (QuickBooks Online) | Accounting integration via OAuth 2.0 (bidirectional general ledger and transaction sync) | QBO account, journal entry, transaction, customer, vendor, and item objects accessed within the OAuth scopes Customer authorizes | United States |
| Gemini Exchange | Crypto exchange OAuth: balances, orders, staking, and rewards data | Account balances, transaction and order history, staking and rewards data within the OAuth scopes Customer authorizes | United States |
| Stripe | Subscription billing for Wanabal (billing for the Wanabal subscription itself; not Customer's customer payments) | Billing contact information, payment-card details (held by Stripe, not Wanabal), invoice and subscription metadata | United States |
| Slack | Workspace notifications integration (planned) | Channel and user identifiers and notification payloads sent to the Customer's connected workspace | United States |
| PostHog | Product analytics and telemetry | Usage events, page views, identifiers, IP address, and session metadata | United States |
US-only processing. All Subprocessors listed above process Customer Personal Information in the United States. Wanabal does not currently engage Subprocessors outside the US for processing Customer Personal Information. If Wanabal engages a Subprocessor that processes Customer Personal Information outside the US, Wanabal will update this page and provide advance notice as described above.
Data processing terms. Where Wanabal acts as a service provider or processor of Customer Personal Information, Wanabal has data processing terms in place with each Subprocessor that include security and confidentiality commitments substantially consistent with those Wanabal makes to Customers in the Privacy Policy and the Terms of Service.
No model training on Customer Content. Wanabal's AI Subprocessors (Anthropic and Voyage AI) are engaged on tiers under which Customer Content is not used to train the providers' underlying models [per Anthropic Commercial Terms; per Voyage AI Terms].
Data Processing Addendum. Customers that require a Data Processing Addendum (DPA) – including for CCPA/CPRA service-provider terms, PIPEDA accountability commitments, Quebec Law 25 cross-border transfer documentation, or accidental EU onboarding – may request one by emailing info@wanabal.com.
Currency of this list. This list reflects Wanabal's Subprocessors as of the "Last updated" date shown at the top of this page. Wanabal reviews this page periodically and updates it when Subprocessors are added, removed, or change function or location.
If you have questions about this page, contact info@wanabal.com.
Last updated: 2026-05-14