Skip to main content
maivis
How It WorksRewardsSecurityAboutPricing
Sign inExplore demoGet started →

Legal & Compliance

Sub-processors

Mango Technologies Ltd engages the following third-party sub-processors to provide the maivis platform. Each has been reviewed for compliance with DIFC Data Protection Law 2020. Data processing agreements are in place with each provider.

ProviderPurposeRegionDPA

Google Cloud Platform

Primary cloud provider. Data at rest in Google Cloud private cloud. AI processing via Gemini Enterprise Agent Platform global endpoint with contractual Zero Data Retention. Under our agreement with Google, data is processed but not stored or used for training by Google's AI systems. This is a contractual commitment, not a technical impossibility; data transits Google infrastructure for processing.

AI inference (Gemini Enterprise Agent Platform), object storage (Cloud Storage), relational database (Cloud SQL), encryption key management (Cloud KMS), compute (Cloud Run), authentication (Firebase)

Google Cloud private infrastructure for storage/compute; Gemini Enterprise Agent Platform global (US/EU) for AI with Zero Data Retention

Google Cloud DPA

Anthropic (via Google Cloud Gemini Enterprise Agent Platform Model Garden)

Accessed exclusively via Google Cloud Model Garden. No direct Anthropic API calls. Data processed under contractual Zero Data Retention (ZDR): data transits Google infrastructure for processing but is not stored or used for training by Google or Anthropic.

AI language model processing for complex analysis: portfolio rebalancing, succession assessment, advanced reasoning

Global (contractual ZDR via Gemini Enterprise Agent Platform; no data stored by Google or Anthropic)

Covered by Google Cloud DPA (via ZDR contract)

Stripe

PCI-DSS Level 1 certified. Card data never touches maivis servers.

Payment card processing, subscription management, billing portal

Global (Stripe infrastructure)

Stripe Data Processing Agreement

Firebase (Google)

Authentication, identity management, FIDO2 passkey verification

GCP global

Google Cloud DPA

PostHog

Analytics are opt-in only (DIFC DPL 2020 Art. 11). No data collected without explicit user consent.

Product analytics: session recording, event tracking, funnel analysis

EU (PostHog Cloud EU)

PostHog DPA

Lean Technologies

Bank account connection tokens and account metadata only. Read-only access. Regulated by SAMA and ADGM FSRA.

Open banking data aggregation for UAE and KSA bank account connectivity

UAE

Lean DPA

Plaid Inc.

Bank account connection tokens and account metadata only. Read-only access. Integration pending production credentials.

Open banking data aggregation for US, UK, and Canada bank connectivity

USA

Plaid Privacy Policy

India open banking (coming soon)

No India banking integration is currently active. No data is shared with any India banking provider. Integration to be announced.

India open banking integration is coming soon. Assets in India can be added manually in the interim.

India

Under DIFC Data Protection Law 2020 Articles 26–27, Mango Technologies Ltd remains the data controller responsible for all personal data processed by sub-processors on its behalf. Each sub-processor is bound by contractual obligations that are no less protective than the obligations in our Data Processing Agreement.

Last updated: May 2026. Updates to this list will be published here with a new effective date.

Questions about sub-processor data processing? privacy@maiviswealth.com