Security review
Data-flow map
Where call and audience data travels through Finn’s subprocessors — the data category each receives and its PHI/BAA status. Prepared for enterprise security reviews; mirrors Annex IV of our Data Processing Addendum.
Last updated: July 18, 2026
Live call pipeline
A single call flows top to bottom. Audio is processed in memory; only recordings and transcripts come to rest, in the customer-selected region. Finn Telephony, Finn STT, and Finn TTS are first-party services operated by Finn in the workspace region — not third-party subprocessors; the named vendors alongside them are.
Call ingress / egress
End caller (PSTN)
Inbound or outbound voice call over the public telephone network.
- PHI:
- —
Telephony
Finn Telephony · Twilio · Plivo
Live PSTN voice payload, phone numbers, caller-ID. Not stored transcripts. Downstream carrier networks are mere conduits — not subprocessors.
- PHI:
- PHI — BAA in place ✓
Speech-to-text
Finn STT · Deepgram · Microsoft · Google
Raw inbound voice audio for real-time transcription. Not stored recordings.
- PHI:
- PHI — BAA in place ✓
Language models
OpenAI · Anthropic · Google · Microsoft
Transcript text + prompts, under zero-data-retention / no-training model APIs (all four providers). OpenAI's Realtime API additionally ingests raw audio; the other providers receive transcript only.
- PHI:
- PHI — BAA in place ✓
Text-to-speech
Finn TTS · ElevenLabs · Cartesia · Sarvam · Inworld · Smallest · Google · Microsoft
Text to synthesize (may contain PHI); returns generated audio. Does not receive inbound caller audio.
- PHI:
- PHI — BAA in place ✓
Storage & compute
Google Cloud · Microsoft Azure (interchangeable)
Voice recordings and transcripts at rest, in the customer-selected workspace region.
- PHI:
- PHI — BAA in place ✓
Audience enrichment path
A separate flow, triggered only when a customer uploads an audience for enrichment. It does not touch the live call pipeline or any call content.
Audience enrichment (separate path — not the call pipeline)
ContactOut
Customer-uploaded contact identifiers; returns business email and LinkedIn data only. No PHI, and no voice or call content.
- PHI:
- No PHI — BAA in place ✓
Platform operations
Supporting services. None receive voice audio, transcripts, or PHI — all low transfer-risk.
Payments
Razorpay · Dodo · Lemon Squeezy
Customer billing identity + payment metadata. No call content.
Transactional email
Resend
Recipient email + message content. No voice, transcripts, or PHI.
Support
Intercom
Support-chat identity/content of customer users. No call recordings.
Product analytics
PostHog
Product-usage events only. No call content or PII.
Error monitoring
Sentry
Error traces. No PII or call content.
Security
Cloudflare
IP + request metadata (bot protection). No voice or transcripts.
Transfer basis.Where a subprocessor processes personal data outside the customer’s workspace region, the transfer is carried out under the Standard Contractual Clauses (Modules Two and Three) incorporated into our DPA, supported by technical measures (AES-256 at rest, TLS 1.2/1.3 in transit, ephemeral in-memory audio, and zero-data-retention model APIs where confirmed).
The full subprocessor register is at /subprocessors. All data-category and PHI/BAA entries above are engineering-confirmed as of 18 July 2026, and BAAs are in place with every PHI-touching subprocessor.