Vendor Risk Management Policy

Third-Party Vendor Risk Management

How Psychnex evaluates, contracts with, and continuously monitors every third-party vendor that touches our platform or your data. Security is only as strong as the weakest link in the supply chain.

  • 8 vendors reviewed
  • 3 vendor tiers
  • 100% of Tier 1 DPAs executed
  • Quarterly critical vendor reviews

Policy Scope & Purpose

Purpose

This policy establishes how Psychnex assesses and manages risks associated with third-party vendors that process, store, or transmit Psychnex user data or provide critical platform services. It is a required control under NIST SP 800-53 SA-9 (External System Services), GLBA Safeguards Rule §314.4(f), and FedRAMP Moderate baseline.

Scope

Applies to all third-party software vendors, cloud service providers, API integrations, SaaS platforms, and any other external service that: (a) processes or stores user PII, NPI, or financial data; (b) provides critical platform infrastructure; or (c) has network-level access to Psychnex production systems.

Vendor Tier Classification

Tier 1 — Critical

  • Criteria: Direct access to user PII, NPI, or financial data; system unavailability causes immediate platform failure
  • Required controls: DPA required, SOC 2 Type II or equivalent required, quarterly review, security questionnaire (CAIQ/SIG)
  • Examples: Supabase, Stripe, Plaid, AWS

Tier 2 — Important

  • Criteria: Access to limited PII (e.g., phone numbers); system unavailability degrades platform but doesn't cause failure
  • Required controls: DPA required, SOC 2 or ISO 27001 reviewed, annual review, privacy policy review
  • Examples: Twilio, Shopify, OpenAI, Google Maps

Tier 3 — Limited

  • Criteria: No access to PII; analytics, CDN, or content delivery only; easily substitutable
  • Required controls: Privacy policy review, consent gating where applicable, biannual review
  • Examples: Google Analytics, CDN providers, font services

Assessment Lifecycle

Phase 1: Initial Vendor Assessment

  • Tier classification (Tier 1/2/3) based on data access, criticality, and integration depth
  • Review of vendor security certifications: SOC 2, ISO 27001, PCI DSS, FedRAMP status
  • Review of publicly available privacy policy and data processing agreements
  • Security questionnaire sent for Tier 1 vendors (CAIQ or SIG Lite)
  • Legal review of DPA / data processing terms for all vendors with PII access

Phase 2: Contract & Legal Controls

  • Data Processing Agreement (DPA) or equivalent executed before production use
  • Sub-processor disclosure requirements included in all Tier 1 DPAs
  • Breach notification obligations (typically 48–72 hours) contractually required
  • Right to audit clauses for Tier 1 vendors where available
  • Data deletion / return on contract termination terms confirmed

Phase 3: Ongoing Monitoring

  • Tier 1 vendors reviewed quarterly; Tier 2 annually; Tier 3 biannually
  • Vendor status page subscriptions for uptime and security incident notifications
  • Annual certification renewal verification (SOC 2, ISO 27001 recertification)
  • News / threat intelligence monitoring for vendor compromise events
  • Vendor change notifications reviewed (sub-processor changes, infrastructure changes)

Phase 4: Incident & Offboarding

  • Vendor breach triggers immediate Psychnex incident response review
  • If vendor breach exposes Psychnex user data: Data Breach Notification Policy activated
  • Vendor offboarding: revoke all API keys, tokens, and access credentials within 24 hours
  • Data deletion confirmation requested within 30 days of offboarding
  • POA&M updated with any control gaps identified via vendor incident

Current Vendor Register


Sub-Processor Transparency

Under GDPR Article 28 and CCPA regulations, Psychnex is required to maintain a list of sub-processors — third parties to whom we transfer user personal data for processing. The vendors listed in this document constitute Psychnex's complete sub-processor register. We will notify enterprise clients of any material sub-processor changes with a minimum 30-day notice period, as required by our DPA terms.

  • Supabase (PostgreSQL/Auth/Storage)
  • AWS us-east-1 (via Supabase)
  • Stripe (Payments)
  • Plaid (Bank Connectivity — user consent)
  • Twilio (MFA/VOIP)
  • OpenAI (AI — anonymized only)

Enterprise DPA Note: Enterprise clients who have executed a Data Processing Agreement with Psychnex will receive 30 days' advance notice of any changes to this sub-processor list. To execute a DPA or receive sub-processor change notifications, contact compliance@psychnex.com.

Vendor Risk Questions?

Enterprise procurement teams, government assessors, and compliance officers can request our full vendor risk assessment documentation, completed security questionnaire responses, and DPA templates.
