Legal
Subprocessors
Third parties that process personal data to operate FinnAccountings.
Last updated: 15 July 2026
1. Introduction
FinnAccountings Limited engages subprocessors to help deliver the FinnAccountings Service. This page lists organisations that process personal data on our behalf under written agreements requiring GDPR-compliant safeguards.
When we process Customer Data on your instructions, we act as a processor and these organisations act as our subprocessors. See our Data Processing Agreement and Privacy Policy.
2. Current subprocessors
- Amazon Web Services (AWS) — Cloud hosting, databases, object storage, networking. Location: EEA / UK regions (primary); US for some managed services with SCCs.
- Cloudflare — CDN, DNS, WAF, and static site delivery. Location: Global edge network with EU/UK processing options.
- Stripe — Subscription billing and payment processing. Location: EEA / US (Stripe DPA & SCCs).
- Resend — Transactional email delivery. Location: US / EEA (provider DPA).
- OpenAI — AI model inference for chat, categorisation, and document understanding. Location: US / EEA (DPA; Customer Data not used to train public models).
- PostHog — Product analytics (consent-based). Location: EU cloud or configured region.
- Google (Analytics / AdSense / Clarity where enabled) — Analytics and advertising measurement (consent-based). Location: Global (Google DPAs / SCCs).
- Open Banking AISPs (e.g. AIB / BOI rails via regulated partners) — Read-only bank account information with your consent. Location: Ireland / United Kingdom.
3. Changes
We may update this list when we add or replace subprocessors. Material changes will be reflected on this page. Enterprise customers under a signed DPA may receive advance notice as specified in that agreement.
4. Contact
Questions: privacy@finnaccounts.com or dpo@finnaccounts.com.
