Skip to main content FreeAgent subprocessors
Version 1.2: This list of subprocessors was updated November 2024. It may be updated in the future and we'll post the updated version here.
To support delivery of our Service, FreeAgent Central Ltd. ("FreeAgent") may engage and use data processors with access to certain service data (each, a "subprocessor"). This page provides important information about the identity, location and role of each subprocessor. Terms used on this page but not defined have the meaning set forth in our General Privacy Notice, Terms of Service and/or Standard Framework Agreement (the "Agreement"). Defined terms used herein shall have the same meaning as defined in the Agreement.
What is a subprocessor
A subprocessor is a third-party data processor engaged by FreeAgent who has, or potentially will have, access to or process service data (which may contain Personal Data). FreeAgent engages different types of subprocessors to perform various functions as explained in the tables below.
Due diligence
FreeAgent undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed subprocessors that will or may have access to, or process, service data.
Contractual safeguards
FreeAgent requires its subprocessors to satisfy equivalent obligations as those required from FreeAgent (as a Data Processor) as set forth in either FreeAgent's, or the corresponding subprocessor's equivalent, Data Processing Addendum.
This policy does not give users of the Service any additional rights or remedies and should not be construed as a binding agreement. The information here is provided for transparency purposes to illustrate FreeAgent's engagement process for subprocessors as well as to provide the actual list of third-party subprocessors used by FreeAgent (as of the date of this policy) which FreeAgent may use in the delivery and support of its Service.
Process to engage new subprocessors
As our business grows and evolves, the subprocessors we engage may also change. We will provide users of the Service with notice of any new subprocessors to the extent required under the Agreement by posting such updates here.
FreeAgent will provide notice via this policy of updates to the list of subprocessors that are utilised, or which FreeAgent proposes to utilise, to deliver its Service. FreeAgent undertakes to keep this list updated regularly to enable users of the Service to stay informed of the scope of subprocessing associated with the Service.
Please check back frequently for updates.
The following is an up-to-date list (as of the date of this policy) of the names and locations of FreeAgent subprocessors.
Infrastructure subprocessors - service data storage
FreeAgent production systems for the Service are located in secure data centre facilities in Ireland. FreeAgent may use the following subprocessors to host service data or provide other infrastructure that helps with the delivery of the Service.
| Entity name | Processing activities | Country(ies) | Adequacy |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud service provider & application security monitoring | United States, United Kingdom, European Union (Ireland) | ISO 27001 Privacy Notice GDPR Link DPA with SCC |
| Google, Inc. | Cloud service provider | United States, European Union | ISO 27001 Privacy Notice GDPR Link DPA with SCC |
| Digital Ocean | Application hosting | United States, European Union | SOC II Privacy Notice GDPR Compliance DPA with SCC |
Security, error tracking & compliance subprocessors
| Entity name | Processing activities | Country(ies) | Adequacy |
|---|---|---|---|
| Datadog | Application performance management | European Union | SOC II Privacy Notice GDPR Compliance |
| Crowdstrike | Log aggregation and analysis | European Union (Germany) | Privacy Notice DPA |
| Sentry.io | Application exception management | United States, European Union (Germany) | Privacy Notice DPA with SCC |
| OneTrust | Cookie management | United States, United Kingdom, European Union | ISO 27001 & SOC II Privacy Notice DPA with SCC |
| NatWest Group | Regulatory compliance | United Kingdom, India | Privacy Notice |
Customer & practice support subprocessors
| Entity name | Processing activities | Country(ies) | Adequacy |
|---|---|---|---|
| Salesforce | Customer management services | European Union (Germany) | ISO 27001 Privacy Notice DPA with SCC |
| ZenDesk | Customer support services | European Union (Germany) | ISO 27001 SOC II & GDPR Compliance Privacy Notice |
| 8x8 | Corporate VoIP | United Kingdom, United States, Singapore | ISO 27001 & SOC II Privacy Notice US DPF |
| Aircall | Corporate VoIP | United Kingdom, United States, European Union | SOC II Privacy Notice DPA |
| On24 | Product webinars | United Kingdom, United States, European Union | Privacy Notice GDPR Compliance SCC DPA |
| EasyLMS | Practice accreditation | European Union (Netherlands) | ISO 27001 Privacy Notice |
| Zapier | Data aggregation and transfer | United States | SOC II Privacy Notice DPA SCC |
| Oracle NetSuite | Financial control | United Kingdom | ISO 27001 & SOC II Privacy Notice |
User research, service improvement & customer survey subprocessors
| Entity name | Processing activities | Country(ies) | Adequacy |
|---|---|---|---|
| Qualtrics | Customer satisfaction surveys | European Union (Germany) | Privacy Notice |
| Typeform | Customer surveys | European Union, United Kingdom, United States | ISO 27001 & SOC II Privacy Notice GDPR Compliance DPA with SCC |
| FormAssembly | Web form and survey generation | United States | ISO 27001 & SOC II Privacy Notice GDPR Compliance DPA with SCC |
| HeyMarvin | User research and service improvement | United States | SOC II Privacy Notice DPA with SCC |
| Consent Kit | User research management | United Kingdom, European Union | Security Controls |
| Maze | User research | United States | Privacy Notice SOC II DPA with SCC |
| Optimal Workshop | User research | New Zealand, United States, European Union | Privacy Notice DPA with SCC |
| Tremendous | User research reimbursement | United States | Privacy Notice DPA with SCC |
Data & analytics subprocessors
| Entity name | Processing activities | Country(ies) | Adequacy |
|---|---|---|---|
| Looker | Business intelligence visualisation | European Union (Germany) | ISO 27001 Privacy Notice |
Product feature subprocessors
| Entity name | Processing activities | Country(ies) | Adequacy |
|---|---|---|---|
| Postmark | Email delivery service | United States | SOC II Privacy Notice GDPR Compliance DPA with SCC |
| Sensibill | Receipt data extraction | Canada | Privacy Notice DPA |
Payment subprocessors
FreeAgent does not store payment card information or you bank account access details. Payment processing and account access information is handled directly by the following third parties according to their respective privacy policies and terms of service.
| Entity name | Processing activities | Country(ies) | Privacy Notice |
|---|---|---|---|
| Stripe | Outsourced payment management | United States, European Union | Privacy Notice |
| Paypal | Outsourced payment management | United States, European Union | Privacy Notice |
| GoCardless | Outsourced payment management | European Union | Privacy Notice |