Flinque Header Logo
Start Free Trial
breadcrumb image

Sub-processor List Page

Influencer Marketing Platform > Sub-processor List Page

Flinque Sub-processor List

Legal · Sub-processors
Effective date: April 23, 2026
Last updated: April 23, 2026
Version: 1.0
In Plain English

The short version, so you know who processes data on our behalf

Flinque uses carefully selected sub-processors to deliver our influencer marketing platform. Each sub-processor has been vetted for security and data protection practices, and each is bound by contractual commitments that mirror our own. This page lists our current sub-processors, their purpose, where they process data, and the safeguards in place.

Enterprise customers can subscribe to notifications when we add or change sub-processors. We provide at least 30 days advance notice for new sub-processors, and Enterprise customers can object on reasonable data protection grounds.

To subscribe to sub-processor change notifications, use the contact page with category “Sub-processor Notifications”.

1. About Our Sub-processors

Sub-processors are third-party service providers that process personal data on behalf of Flinque to help us deliver the Flinque influencer marketing platform.

Our approach to sub-processors:

  • Necessity-based: we only use sub-processors where they are necessary for service delivery or security
  • Vetted: each sub-processor is assessed for security, data protection, and commercial suitability before engagement
  • Bound by contract: each sub-processor has contractual obligations that reflect our own data protection commitments
  • Monitored: we continuously monitor sub-processor performance, security posture, and compliance
  • Transparent: this page discloses all sub-processors with access to personal data

This list works with our Data Processing Agreement, Data Privacy Policy, and GDPR Compliance policies.

2. Sub-processor Categories

We organize our sub-processors into 9 functional categories. Each category has its own data access scope and security requirements.

Category
Purpose
Infrastructure
Cloud hosting, databases, storage, content delivery
Payment Processing
Subscription billing, invoicing, card processing
Email Delivery
Transactional emails, notifications, marketing
Customer Support
Help desk, live chat, knowledge base tools
Analytics
Product usage analytics, monitoring, performance
AI and ML Providers
Language models, embedding providers, ML services
Data Sources
Creator data aggregators, social API providers
Security and Compliance
Authentication, monitoring, vulnerability management
Marketing and Sales
CRM, email marketing, webinar hosting

Specific vendors within each category are detailed in Sections 3 through 11.

3. Infrastructure and Hosting

Infrastructure providers host our application, databases, and storage. They are our most critical sub-processors.

Provider
Purpose
Location
Certifications
Amazon Web Services
Cloud hosting, databases, storage
United States, EU
SOC 2, ISO 27001, HIPAA, PCI DSS
Cloudflare
CDN, DDoS protection, DNS
Global
SOC 2, ISO 27001, PCI DSS
Vercel
Frontend hosting, edge network
United States, Global
SOC 2, ISO 27001

Primary data is stored in US regions with appropriate international transfer safeguards. Enterprise customers can request regional storage options.

4. Payment Processing

Payment processors handle billing, invoicing, and payment card processing. Flinque never stores raw card data; all payment credentials are tokenized by our processor.

Provider
Purpose
Location
Certifications
Stripe
Subscription billing, payment processing, tax handling
United States, EU
PCI DSS Level 1, SOC 1, SOC 2

5. Email Delivery

Email providers deliver transactional emails (account notifications, password resets, billing) and marketing communications.

Provider
Purpose
Location
Certifications
SendGrid (Twilio)
Transactional email delivery
United States
SOC 2, ISO 27001, HIPAA
Postmark
Backup transactional email
United States
SOC 2

6. Customer Support Tools

Support tools enable us to respond to customer inquiries, manage tickets, and maintain knowledge base resources.

Provider
Purpose
Location
Certifications
Intercom
Live chat, help desk, ticketing
United States, EU
SOC 2, ISO 27001
Notion
Internal knowledge base, documentation
United States
SOC 2, ISO 27001

7. Analytics and Monitoring

Analytics and monitoring tools help us understand platform usage, detect issues, and improve performance.

Provider
Purpose
Location
Certifications
Google Analytics 4
Website analytics (non-essential, consent-based)
United States
ISO 27001, SOC 2
Mixpanel
Product analytics
United States
SOC 2, ISO 27001
Datadog
Application performance monitoring
United States, EU
SOC 2, ISO 27001, HIPAA
Sentry
Error tracking and debugging
United States
SOC 2, ISO 27001

8. AI and Machine Learning Providers

AI and ML providers power specific Flinque features including Campaign IQ, Outreach Assistant, and scoring algorithms.

Provider
Purpose
Location
Certifications
Anthropic
Language model for content analysis and generation
United States
SOC 2
OpenAI
Language model for content tasks
United States
SOC 2
Pinecone
Vector database for similarity search
United States, EU
SOC 2

All AI providers are contractually prohibited from using our data to train their general-purpose models.

For more on our AI approach, see our AI Usage Policy.

9. Data Sources for Creator Profiles

Creator data sources provide the public social media data that populates our creator directory.

Provider
Purpose
Location
Certifications
Phyllo
Authorized creator data aggregator
United States
SOC 2
Apify
Public data collection within platform terms
European Union (Czech Republic)
GDPR-aligned
Social platform APIs
Instagram, TikTok, YouTube, X official APIs
United States, Global
Platform-specific

10. Security and Compliance Tools

Security tools protect our platform and enable compliance with data protection requirements.

Provider
Purpose
Location
Certifications
Auth0 (Okta)
Authentication and SSO
United States, EU
SOC 2, ISO 27001, HIPAA
Vanta
Security and compliance automation
United States
SOC 2, ISO 27001
1Password
Team secrets management
Canada
SOC 2, ISO 27001

11. Marketing and Sales Tools

Marketing and sales tools support prospect engagement, customer relationship management, and campaign execution.

Provider
Purpose
Location
Certifications
HubSpot
CRM, marketing automation
United States, EU
SOC 2, ISO 27001
Calendly
Meeting scheduling
United States
SOC 2
Zoom
Webinars, customer calls
United States
SOC 2, ISO 27001, HIPAA

12. Sub-processor Due Diligence

Before engaging any sub-processor, we conduct documented due diligence.

12.1 Assessment criteria

  • Security certifications (SOC 2, ISO 27001, PCI DSS where applicable)
  • Data protection practices and GDPR compliance
  • Geographic location of processing and transfer safeguards
  • Business continuity and operational stability
  • Contractual commitments and DPA availability
  • Incident response track record
  • Financial health for mission-critical vendors

12.2 Contractual requirements

Every sub-processor must agree to:

  • Process personal data only for specified purposes
  • Maintain appropriate Technical and Organizational Measures
  • Ensure personnel confidentiality
  • Support data subject rights requests
  • Notify us of security incidents within agreed timelines
  • Return or delete personal data at the end of the relationship
  • Submit to reasonable audits

12.3 Ongoing monitoring

We monitor sub-processors throughout the relationship including periodic reviews, incident monitoring, and re-evaluation when vendor circumstances change.

13. Notice of Changes

When we add, remove, or change sub-processors, we provide notice.

13.1 Advance notice commitment

  • Enterprise customers: at least 30 days advance notice for new sub-processors via the subscribed notification channel
  • Non-Enterprise customers: notice through updates to this page
  • Emergency changes: where urgent action is required (for example a vendor failing security standards), shorter notice may be given with explanation

13.2 How to subscribe to notifications

Enterprise customers can subscribe to sub-processor change notifications through our contact page with category “Sub-processor Notifications”. Subscribed customers receive:

  • Email notice when new sub-processors are added
  • Information about the purpose and data access scope
  • Details of transfer safeguards where applicable
  • Opportunity to raise objections under Section 14

13.3 Version history

We maintain a version history of this sub-processor list. Past versions are available to Enterprise customers on request.

14. Customer Objection Process

Enterprise customers can object to the addition of new sub-processors on reasonable data protection grounds.

14.1 How to object

Submit objections during the 30-day notice period via our contact page with category “Sub-processor Objection”. Include:

  • Your workspace or account ID
  • The specific sub-processor you object to
  • The data protection grounds for your objection (for example concerns about jurisdiction, security, or certification)
  • Any alternative you would consider acceptable

14.2 Resolution paths

If the Parties cannot resolve the objection through discussion, possible outcomes include:

  • Flinque elects to not engage the sub-processor for the objecting customer’s data
  • Flinque proceeds with the sub-processor and the Customer may terminate the affected services with a pro rata refund for unused prepaid fees
  • The Parties negotiate an alternative arrangement

14.3 Review timeline

Objections are acknowledged within 5 business days and substantively reviewed within 15 business days.

15. Contact for Sub-processor Matters

For sub-processor notifications, objections, due diligence questions, or audit requests, contact us.

Flinque Legal and Privacy
Flinque
Attn: Legal and Privacy (Sub-processors)
#8, Newbury Street
700 Boylston St
Boston, Massachusetts 02116
United States

Contact form: flinque.com/contact
Report an issue: flinque.com/report-an-issue