Sub-processors

Last updated: May 17, 2026

FOATT engages the third-party providers listed below to operate the Services. Each is bound by written terms that require them to protect Customer Data and use it only to provide the contracted service. This page is the canonical list referenced from §3 of our Privacy Policy.

We provide reasonable advance notice before adding a new sub-processor that processes Customer Data. To receive notifications, email privacy@foatt.com.

Infrastructure & data storage

• 
  Heroku (a Salesforce company) — application hosting, managed PostgreSQL database, and routine database backups, in the United States region. Encryption at rest by default. Privacy policy.
• 
  Amazon Web Services (AWS) — object storage (Amazon S3) for files uploaded into the Services, in the United States region. Encryption at rest. Privacy policy.

Error monitoring & operational diagnostics

• 
  Sentry — captures application errors and the surrounding request context (URL path, user ID, HTTP status, stack trace) so we can diagnose and fix issues. Error payloads may incidentally include personal information present in the failing request; we do not send error data to Sentry for any other purpose. Privacy policy.

Payments

• 
  Stripe — subscription billing and payment processing. Cards entered directly into Stripe; FOATT stores only Stripe identifiers and billing-status events. Privacy policy.

Email

• 
  Resend — transactional and service email (confirmations, password resets, billing notices, security alerts, in-app notifications). Privacy policy.

Customer support

• 
  Intercom — in-app chat support and the conversations you send through it (message contents, your name and email, basic session metadata). Used only to receive and respond to support requests. Privacy policy.

Banking data

Engaged only when you choose to connect a bank account in the Services. Disconnecting from the Settings page stops new data flow immediately.

• 
  Plaid — bank account names, balances, and transactions for accounts you connect. Plaid handles your bank credentials directly; FOATT never sees them. Privacy policy.

What's not on this list. Systems you sign in to with your own credentials — including QuickBooks Online, NetSuite, and any AI provider you connect with your own API key — are not FOATT sub-processors. You have your own relationship with those vendors; FOATT receives data from them at your direction and processes it on your behalf in the Services. Their own privacy terms govern their handling of your account with them.

AI providers

Engaged when you use AI-assisted features in the Services. Each provider is contracted on a no-training basis: Customer Data sent to them is used only to generate the requested output and is not used to train their models.

• 
  Anthropic — large language model inference. Privacy policy.
• 
  OpenAI — large language model inference. Privacy policy.
• 
  Google (Gemini) — large language model inference, paid API tier (no-training). Privacy policy.

You may also bring your own API key for any of the AI providers above. When you do, requests are sent under your own contract with that provider on the terms you have agreed with them, and that provider acts as your sub-processor rather than ours for those calls.

Contact

Questions about this list, or to request the latest version in writing: