Read this first. Fyneri is not a Payment Service Provider, money transmitter, bank, or regulated financial institution. We do not hold customer funds. We do not settle transactions. We are a software vendor. Stripe, Inc. is the regulated party in every payment flow. Where we describe a feature as "Fyneri does X," we mean Fyneri's software orchestrates Stripe's regulated services to do X on your behalf.
01What Fyneri is — and what Stripe is
| Function | Performed by |
|---|---|
| Card authorization, capture, settlement | Stripe Inc. |
| Merchant KYC and account underwriting | Stripe Inc. |
| Funds custody and payout to your bank | Stripe Inc. |
| Card network compliance (Visa, Mastercard, etc.) | Stripe Inc. |
| Dispute handling and chargeback responses | Stripe Inc. (with our tooling) |
| 1099-K issuance to U.S. merchants | Stripe Inc. |
| Hosted checkout UI & embedded components | Fyneri LLC |
| Merchant dashboard and analytics | Fyneri LLC |
| Webhook automation, integrations, recovery emails | Fyneri LLC |
| Customer support for software issues | Fyneri LLC |
| Storage of merchant profile and operational data | Fyneri LLC |
02PCI-DSS
The Payment Card Industry Data Security Standard (PCI-DSS) governs anyone storing, processing, or transmitting cardholder data. Fyneri's architecture is deliberately designed to avoid handling cardholder data:
- Card numbers are collected via Stripe Elements, served directly from
js.stripe.com. They never traverse Fyneri's servers. - We receive only Stripe-generated tokens (e.g.,
pm_xxx,cus_xxx) which are useless outside Stripe's environment. - This places Fyneri merchants in PCI-DSS SAQ-A scope (the lowest, smallest self-assessment) rather than the much larger SAQ-D scope or full PCI-DSS Level 1 attestation that direct card handlers must complete.
Stripe maintains PCI-DSS Level 1 certification annually for the cardholder-data environment. Fyneri does not claim or display any PCI-DSS Level certification of its own — we don't need one, by design.
Your responsibility as a merchant: complete an annual PCI SAQ-A questionnaire (single page, ~15 questions) and maintain HTTPS on your checkout-redirecting pages. Stripe provides this questionnaire in your Dashboard.
03GDPR (EU / UK)
For personal information of EU/UK data subjects:
- End customers' personal data — Fyneri is a data processor, you (the merchant) are the controller, Stripe is a sub-processor.
- Merchant personal data (your name, email as account holder) — Fyneri is the controller.
Our Privacy Policy describes the lawful bases we rely on, the categories of data we process, and the rights you can exercise. A signed Data Processing Agreement (DPA) incorporating EU Standard Contractual Clauses is available on request for Scale and Enterprise customers — email contact@fyneri.com with "DPA request" in the subject.
04CCPA / CPRA (California)
Fyneri honors California residents' rights to access, correct, delete, and port their personal information, and to opt out of "sale" or "sharing" — neither of which Fyneri engages in. We honor Global Privacy Control (GPC) signals automatically. See our Privacy Policy for the request process.
05Data residency
Fyneri's primary infrastructure is hosted in AWS region us-east-1 (Northern Virginia, USA). Backups are replicated to us-west-2. We do not currently offer EU-resident storage; if your compliance program requires EU residency, talk to us — it's on the Enterprise roadmap.
Stripe's data residency is controlled by Stripe and described in Stripe's data residency documentation.
06Sub-processors
The current list of Fyneri sub-processors (entities that process personal information on our behalf):
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing & merchant data | USA · Ireland |
| Amazon Web Services, Inc. | Infrastructure hosting & storage | USA |
| Cloudflare, Inc. | CDN, DDoS protection, edge security | Global edge |
| Postmark (ActiveCampaign LLC) | Transactional email | USA |
| Plausible Insights OÜ | Privacy-friendly site analytics (no cookies) | European Union |
| Google Workspace | Internal email and SSO | USA / EU |
Material changes to this list will be communicated to customers at least 30 days in advance. Enterprise customers may pre-approve sub-processors via their MSA.
07SOC 2 roadmap
We are not SOC 2 certified at the time of this writing. Our roadmap target is to complete a SOC 2 Type I within 12 months of general availability, followed by a SOC 2 Type II audit covering a 12-month period. We will publish the date of audit completion on this page and on our status page.
08Sanctions & AML
Merchant identity verification, sanctions screening (OFAC, EU, UK lists), and ongoing AML monitoring are performed by Stripe as part of its merchant onboarding and account-monitoring program. Fyneri does not duplicate these controls. We do, however, screen for and prohibit business categories on our Acceptable Use Policy, which mirrors Stripe's Restricted Businesses list.
09Tax reporting
U.S. 1099-K issuance (for merchants meeting the federal threshold of more than $20,000 gross and 200 transactions in a calendar year, plus state-specific thresholds) is performed by Stripe and delivered electronically through the Stripe Dashboard. Fyneri does not issue 1099-K forms. International tax reporting follows the requirements of each country and is handled by Stripe where applicable.
Fyneri's own corporate tax obligations (federal/state income tax on platform fee revenue) are filed by Fyneri LLC with the IRS and Michigan Department of Treasury.
10DPA, SCCs & security questionnaires
Available on request:
- Data Processing Agreement (DPA) with annex listing sub-processors
- EU Standard Contractual Clauses (SCCs, Module 2 or 3 as applicable)
- UK International Data Transfer Addendum (IDTA)
- Completed vendor security questionnaire (SIG Lite, CAIQ, or custom)
- Penetration test summary (once available, under NDA)
Request these by emailing contact@fyneri.com with the subject "Compliance package".
11Contact
Fyneri LLC · Attn: Compliance
47196 Northgate Dr
Canton, MI 48188-3227
United States
contact@fyneri.com · +1 (947) 265-3492