Subprocessors

Primary application infrastructure: managed database, object storage, transactional email, log aggregation, and edge hosting for the product app.

Data shared: All customer data classes (encrypted in transit and at rest).

Hosting for the public marketing site at zensus.app.

Data shared: HTTPS request logs, build artifacts. No customer account data.

Identity provider for sign-in, sessions, and account recovery.

Data shared: Email address, hashed password, session tokens.

Optional Google OAuth sign-in.

Data shared: Email, name, Google sub identifier (only if you choose Google sign-in).

Optional Apple OAuth sign-in.

Data shared: Email or relay address, Apple sub identifier (only if you choose Apple sign-in).

Bank account linking and read-only access to transactions and balances.

Data shared: Account metadata, balances, transactions. Your bank login is held by Plaid and never reaches Zensus.

Read-only sync of accounting data: purchases, bills, payments, invoices, P&L, balance sheet.

Data shared: OAuth tokens, accounting object data (only if you connect QuickBooks).

Read-only sync of CRM data and subscription tracking for accounts-receivable forecasting.

Data shared: OAuth tokens, contacts, companies, line items, invoices, subscriptions, admin email (only if you connect HubSpot).

Subscription billing and payment processing for Zensus itself.

Data shared: Stripe customer ID, billing email, subscription metadata. Card details are handled directly by Stripe and never reach Zensus.

Delivery of cash-flow alerts to a customer-selected Slack channel; processing of in-Slack actions (snooze, threshold adjust).

Data shared: Workspace metadata, channel IDs, alert message contents, interactivity payloads (only if you connect Slack).

Hosted inference for the AI features used to generate scenarios, categorize transactions, and power the conversational assistants. In this configuration, Anthropic (the maker of the Claude models) does not access the data we send to Bedrock.

Data shared: User prompts, conversation history, financial context (cash, MRR, expense breakdown, billing timeline), sanitized transaction descriptors.

Speech-to-text transcription for the voice assistant.

Data shared: Voice audio submitted to the voice agent.

Emotion detection on audio-derived text snippets for adaptive voice output.

Data shared: Short text snippets derived from voice audio.

VPN and proxy detection on integration connect, as a fraud signal.

Data shared: End-user IP address at the moment of integration connect.

Delivery of the Geist and Geist Mono webfonts used by the marketing site.

Data shared: Visitor IP and user-agent (transmitted to Google when fonts are fetched).

Embedded city-level map of Austin, TX shown in the marketing-site footer.

Data shared: Visitor IP and user-agent (transmitted to Google when the embedded map loads).

Marketing-site visitor identification for outbound sales. Apollo matches visitor IP addresses against its database of company IPs and reports which businesses are browsing our site.

Data shared: Visitor IP, user-agent, pageview events.

First-party, cookieless marketing-site performance metrics.

Data shared: Aggregated page-load timings and route-level traffic counts. No persistent identifiers.

Invisible bot and abuse protection on the marketing-site support form (zensus.app/support), so the contact and acknowledgment flow cannot be used to send spam.

Data shared: Visitor IP, user-agent, and a verification token (transmitted to Cloudflare when the support form is submitted).