Protocol Wealth publishes its complete subprocessor list at protocolwealthllc.com/subprocessors — that page is the authoritative, complete enumeration. The version below covers selected production-stack vendors and adds one sentence of context per vendor explaining what it does. The intent is to make the supply chain visible enough that a qualified reviewer or auditor can review the architecture without a phone call.
Every vendor relationship carries contractual restrictions on data use, breach-notification clauses (72-hour closure where applicable), and US-region processing commitments. The authenticated advisor and client applications do not transit Cloudflare; the public-edge layer handles marketing properties only.
AI inference
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Anthropic, PBC | Primary LLM inference (Claude API) for advisor-supporting research, analysis drafting, and document preparation under human review. Zero Data Retention contracted at the workspace level; US-only inference. Client PII is removed by PW's redaction pipeline before any data is sent. | SOC 2 Type II · ISO 27001 |
| Google LLC (Gemini API) | Brokered, advisor-facing image and graphics generation only (an advisor graphics studio surface and an image tool in the advisor chat). All calls route through PW's backend; there is no client-facing Gemini surface. Paid-tier engagement (no training use, no human review); CCO-approved June 3, 2026. | SOC 1/2/3 · ISO 27001 / 27017 / 27018 / 27701 |
| OpenAI | Whisper API for advisor-initiated voice-memo transcription into PW's internal idea-capture workflow. OpenAI chat and reasoning models are not used; there is no client-facing OpenAI surface. | SOC 2 Type II · DPA on file |
Compute, storage, security
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Google Cloud Platform | Compute (Cloud Run), database (Cloud SQL Postgres), cache (Memorystore Redis), object storage (GCS), secrets (Secret Manager), audit logs (Cloud Audit Logs). Single-cloud posture is deliberate for ISO/SOC alignment and data sovereignty. | SOC 1/2/3 · ISO 27001 / 27017 / 27018 / 27701 · PCI DSS · FedRAMP High |
| Cloudflare | DNS, CDN, and WAF for public marketing surfaces only. Authenticated advisory surfaces route direct-to-GCP without edge interference. | SOC 2 Type II · ISO 27001 |
Identity verification + AML
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Veriff OÜ | Natural-person identity verification (KYC). Document + biometric checks; PEP/sanctions screening for natural persons. Webhook callbacks routed through the canonical webhook-receiver primitive. | SOC 2 Type II · ISO 27001 |
| Scorechain S.A.S. (via QuickNode) | Two-layer AML for crypto-touching surfaces: free OFAC + OFSI + MOFA + NBCTF sanctions API, plus paid KYT entity attribution + risk scoring. Selected in response to the Chainalysis Free Sanctions API winding down. | Vendor-risk review active |
| QuickNode, Inc. | Multi-chain RPC infrastructure + the substrate that surfaces Scorechain to PW. | SOC 2 Type II |
| Hadrius, Inc. | AI-aware compliance monitoring and supervision overlay. | Vendor-risk review active |
Custody (separately registered fiduciaries)
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Altruist Financial LLC | Primary advisory custodian for TradFi assets + billing back-office. SEC/FINRA-registered broker-dealer. | SEC/FINRA oversight · SOC 2 Type II |
| Interactive Brokers LLC | Brokerage and custody for institutional accounts. | SEC/FINRA registered broker-dealer |
| Anchorage Digital Bank, NA | Qualified digital-asset custody. National trust bank charter; OCC oversight. | OCC oversight · SOC 2 Type II |
| BitGo Trust Company | Qualified digital-asset custody. South Dakota banking charter. | SD Banking oversight · SOC 2 Type II |
| Fordefi | MPC wallet infrastructure for PW's onchain operational treasury and for client-directed onchain allocations where PW operates as a co-signer — not qualified custody. PW holds a key share alongside the client (and Coincover backup encryption where applicable). | SOC 2 Type II |
Onboarding + signing
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Anvil | E-signature with ESIGN/UETA attestation; PDF/A-2b archival output; signed-document state machine. Webhook callbacks routed through the canonical webhook-receiver primitive. | Vendor DD on file |
Data aggregation
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Quiltt, Inc. (with MX, FinGoal) | Financial-account aggregation; primary path for client-held accounts. Subagent-handled through Quiltt's webhook surface. | SOC 2 Type II |
CRM + transactional
| Vendor | Role in PW's stack | Attestations on file |
|---|---|---|
| Wealthbox | Client relationship management. Custom fields support PW's tax-status, dependents, control-person, and FINRA-affiliation capture. | SOC 2 Type II |
| Postmark | Transactional email delivery. | SOC 2 Type II |
How to read this list
- AI use is narrow and brokered. Anthropic handles primary LLM inference. Two additional surfaces are narrow and advisor-facing — Gemini for advisor graphics generation and OpenAI Whisper for advisor voice-memo transcription — both brokered through PW's backend with no client-facing AI surface. Client PII is removed before any data reaches an external AI vendor.
- Custody is separately fiduciary. Altruist, IBKR, Anchorage, BitGo all carry their own SEC/FINRA/OCC/state-banking oversight. PW does not custody client assets directly.
- Edge layer is marketing-only. Cloudflare fronts the public site; advisory surfaces do not route through Cloudflare.
- Webhook discipline is uniform. Every vendor callback flows through the same six stages (verify, dedup, parse, process, audit, dead-letter). One pattern, one audit trail.
- AML is two-layer. Scorechain Free Sanctions API for natural-person-level OFAC screening; Scorechain Risk Assessment API via QuickNode for KYT entity attribution. Veriff handles natural-person OFAC/PEP.
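
The six webhook stages named above, sketched as an added example (this is not Protocol Wealth's code). The HMAC-SHA256 signature scheme, the body-digest dedup key, the in-memory stores, and all class and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

class WebhookReceiver:
    """Illustrative six-stage receiver; every name here is hypothetical."""

    def __init__(self, secret: bytes, handler):
        self.secret = secret          # per-vendor shared secret (assumed HMAC scheme)
        self.handler = handler        # business logic for a parsed event
        self.seen = set()             # in-memory stand-in for a durable dedup store
        self.audit_log = []           # stand-in for an append-only audit trail
        self.dead_letters = []        # stand-in for a dead-letter queue

    def receive(self, vendor: str, raw: bytes, signature: str) -> str:
        digest = hashlib.sha256(raw).hexdigest()
        outcome, error = self._run(raw, signature, digest)
        # 5. audit: one record per delivery, whatever the outcome
        self.audit_log.append({"vendor": vendor, "sha256": digest, "outcome": outcome})
        # 6. dead-letter: keep authenticated deliveries that failed, for replay
        if outcome == "failed":
            self.dead_letters.append({"vendor": vendor, "raw": raw, "error": error})
        return outcome

    def _run(self, raw, signature, digest):
        # 1. verify: authenticate the raw bytes before any parsing
        expected = hmac.new(self.secret, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return "rejected", None
        # 2. dedup: key on the body digest so replays stop before parsing
        if digest in self.seen:
            return "duplicate", None
        try:
            event = json.loads(raw)   # 3. parse
            self.handler(event)       # 4. process
        except Exception as exc:
            return "failed", repr(exc)
        self.seen.add(digest)         # mark done only after success, so retries can pass
        return "processed", None

# Constructed sample delivery (not a real vendor payload)
SECRET = b"constructed-test-secret"
BODY = b'{"id": "evt_1", "type": "verification.completed"}'
SIG = hmac.new(SECRET, BODY, hashlib.sha256).hexdigest()
```

Unauthenticated deliveries are audited but never dead-lettered, so the replay queue holds only payloads that passed signature verification.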
What's NOT in this list
For full disclosure, PW does not currently use:
- Any closed-source compliance-monitoring tool that requires PW to ship client communications to it for AI processing. (We use Hadrius for monitoring; the inference path runs through PW's own audit substrate first.)
- Any portfolio-accounting vendor that takes custody of client data outside the named custodian relationships above.
- Any client-facing AI surface. External AI use is advisor-facing and brokered through PW's backend; client PII is removed before any data reaches an external AI vendor.
If a future vendor is added, the subprocessor list is updated and PW will provide material-change notification to clients per the amended Reg S-P timeline.
Protocol Wealth, LLC · SEC-Registered Investment Adviser · CRD #335298
The canonical subprocessor list is at protocolwealthllc.com/subprocessors.
Engineering substrate transparency · aggregate substrate material · not investment advice · not advisory performance.