Every vendor we rely on, named.
The full list of sub-processors that may handle Customer Data on Asiri’s behalf, with purpose and region. Updated as we add or remove vendors.
Last updated: 1 May 2026
Change notice: 30 days in advance via email + in-product banner
| Sub-processor | Purpose | Region | Since |
|---|---|---|---|
| Amazon Web Services (AWS) | Primary cloud hosting, storage, key management | ZA · af-south-1 (Cape Town) | 2024 |
| Cloudflare | CDN, DDoS protection, WAF | Global · edge POPs | 2024 |
| Postmark | Transactional email delivery | US · with EU failover | 2024 |
| Paystack | Payment processing (NGN) | NG · Lagos | 2024 |
| Stripe | Payment processing (USD, international) | US / IE | 2025 |
| Sentry | Error monitoring (no PII payloads) | US · region-locked project | 2024 |
| Plausible Analytics | Privacy-first product telemetry, no cookies | EU · DE | 2024 |
| Linear | Internal engineering ticketing (no Customer Data) | US | 2024 |
| Notion | Internal documentation (no Customer Data) | US | 2024 |
| Anthropic / OpenAI | Asiri Copilot LLM inference (zero-retention APIs) | US / EU | 2025 |
Asiri signs an NDPA-aligned data processing addendum with every sub-processor before it touches Customer Data, including transfer mechanisms under NDPA s.41. Customers may object to a new sub-processor within the 30-day notice window; if the objection cannot be resolved, the affected service can be terminated without penalty.