Skip to main content
ASIRI

Every vendor we rely on, named.

Customer Data sub-processors are listed separately from internal operations vendors. Each entry states its purpose, region, transfer safeguard, exposure boundary, and review cadence.

Subscribe to changes Read the DPA
Last updated: 17 May 2026
Change notice: 30 days in advance via email + in-product banner

Amazon Web Services (AWS)

Since 2024

Customer Data sub-processor
Purpose
Primary cloud hosting, storage, key management
Region
ZA · af-south-1 (Cape Town)
Transfer safeguard
NDPA s.41 transfer assessment, AWS DPA, and regional residency controls
Customer Data exposure boundary
Tenant databases, uploads, logs, backups, and key-management metadata
Review cadence
Quarterly control review; annual vendor-risk refresh

Cloudflare

Since 2024

Customer Data sub-processor
Purpose
CDN, DDoS protection, WAF
Region
Global · edge POPs
Transfer safeguard
DPA, transfer impact review, and edge-processing configuration review
Customer Data exposure boundary
Edge request metadata and IP addresses; no tenant evidence content at rest
Review cadence
Quarterly configuration review

Postmark

Since 2024

Customer Data sub-processor
Purpose
Transactional email delivery
Region
US · with EU failover
Transfer safeguard
DPA, documented contractual safeguards, and transfer review for cross-border delivery
Customer Data exposure boundary
Recipient address, delivery metadata, and transactional message content
Review cadence
Annual vendor-risk review; template review on material change

Paystack

Since 2024

Customer Data sub-processor
Purpose
Payment processing (NGN)
Region
NG · Lagos
Transfer safeguard
Local processor DPA and payment-security review
Customer Data exposure boundary
Billing contact, transaction metadata, and payment status only
Review cadence
Annual vendor-risk review

Stripe

Since 2025

Customer Data sub-processor
Purpose
Payment processing (USD, international)
Region
US / IE
Transfer safeguard
DPA, documented contractual safeguards, and transfer review for international billing data
Customer Data exposure boundary
Billing contact, transaction metadata, and payment status only
Review cadence
Annual vendor-risk review

Sentry

Since 2024

Customer Data sub-processor
Purpose
Error monitoring (no PII payloads)
Region
US · region-locked project
Transfer safeguard
DPA, data-scrubbing controls, and project-region review
Customer Data exposure boundary
Operational telemetry only; no file contents or evidence exports
Review cadence
Quarterly payload-scrubbing review

Plausible Analytics

Since 2024

Customer Data sub-processor
Purpose
Privacy-first product telemetry, no cookies
Region
EU · DE
Transfer safeguard
EU hosting, DPA, and telemetry minimisation review
Customer Data exposure boundary
Aggregated product telemetry; no cookie identifiers or tenant records
Review cadence
Annual vendor-risk review

Anthropic / OpenAI

Since 2025

Customer Data sub-processor
Purpose
Regulatory Intelligence LLM inference (zero-retention APIs where available)
Region
US / EU
Transfer safeguard
DPA, documented transfer safeguards where applicable, zero-retention configuration, prompt minimisation, and model-provider configuration review
Customer Data exposure boundary
Tokenised prompts and source snippets only; training and retention disabled where vendor controls allow
Review cadence
Monthly AI vendor configuration review

Asiri signs an NDPA-aligned data processing addendum with every Customer Data sub-processor before it touches Customer Data. Cross-border use is tracked with documented safeguards under NDPA s.41, with counsel or auditor review pending where applicable. Customers may object to a new sub-processor within the 30-day notice window; if the objection cannot be resolved, the affected service can be terminated without penalty.

Internal operations

Vendors outside Customer Data processing.

These vendors support ASIRI internal operations. They are reviewed through vendor-risk governance, but ASIRI policy does not permit Customer Data in these workspaces.

Linear

Since 2024

Internal operations
Purpose
Internal engineering ticketing
Region
US
Transfer safeguard
Vendor DPA and internal policy prohibiting Customer Data in tickets
Customer Data exposure boundary
Internal operations only; no Customer Data permitted
Review cadence
Annual vendor-risk review

Notion

Since 2024

Internal operations
Purpose
Internal documentation
Region
US
Transfer safeguard
Vendor DPA and internal policy prohibiting Customer Data in workspaces
Customer Data exposure boundary
Internal operations only; no Customer Data permitted
Review cadence
Annual vendor-risk review