Skip to main content FreeAgent subprocessors
Version 1.3: This list of subprocessors was updated June 2026. It may be updated in the future and we'll post the updated version here.
To support delivery of our Service, FreeAgent Central Limited (“FreeAgent”) may engage and use data processors with access to certain service data (each, a “subprocessor”). This page provides important information about the identity, location and role of each subprocessor. Terms used on this page but not defined have the meaning set forth in our General Privacy Notice, Terms of Service and/or Standard Framework Agreement (the “Agreement”). Defined terms used herein shall have the same meaning as defined in the Agreement.
The subprocessors we engage may change. We will provide users of the Service with notice of any new subprocessors to the extent required under the Agreement by posting such updates here.
FreeAgent undertakes to keep this list updated regularly to enable users of the Service to stay informed of the scope of subprocessing associated with the Service.
Subprocessors
| Entity name | Processing activities | Country(ies) | Controls & further information |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud service provider & application security monitoring | United States, United Kingdom, European Union (Ireland) | ISO 27001 Privacy Notice GDPR Data Processing Addendum |
| Google, Inc. | Cloud service provider & application security | United States, European Union | ISO 27001 Privacy Notice GDPR Link Data Processing Addendum |
| Digital Ocean | Application hosting | United States, European Union | SOC II Privacy Notice GDPR Compliance Data Processing Addendum |
| Datadog | Application performance management | European Union | SOC II Privacy Notice GDPR Compliance Data Processing Addendum |
| Crowdstrike | Log aggregation and analysis | European Union (Germany) | ISO 27001 & SOC II Privacy Notice Data Processing Addendum |
| Sentry.io | Application exception management | United States, European Union (Germany) | ISO 27001 & SOC II Privacy Notice Data Processing Addendum |
| OneTrust | Cookie management | United States, United Kingdom, European Union | ISO 27001 & SOC II Privacy Notice Data Processing Addendum |
| NatWest Group | Regulatory compliance | United Kingdom, India | Privacy Notice |
| Google, Inc. (Google Workspace) | Internal communication and collaboration | United States, European Union | ISO 27001 Privacy Notice GDPR Commitment Data Processing Addendum |
| Google, Inc. (Google reCAPTCHA) | Application security | United States, European Union | ISO 27001 Privacy Notice GDPR Commitment Data Processing Addendum |
| Google Looker | Business intelligence visualisation | European Union (Germany) | ISO 27001 Privacy Notice |
| Postmark | Email delivery service | United States | SOC II Privacy Notice GDPR Compliance Data Processing Addendum |
| Slack | Internal communication and collaboration | United States | ISO 27001 & SOC II Privacy Notice GDPR Commitment Data Processing Addendum |
| Salesforce | Customer management services | European Union (Germany) | ISO 27001 Privacy Notice Data Processing Addendum |
| ZenDesk | Customer support services | European Union (Germany) | ISO 27001 & SOC II Privacy Notice Data Processing Addendum |
| 8x8 | Corporate VoIP | United Kingdom, United States, Singapore | ISO 27001 & SOC II Privacy Notice Data Privacy Framework |
| Aircall | Corporate VoIP | United Kingdom, United States, European Union | SOC II Privacy Notice Data Processing Addendum |
| On24 | Product webinars | United Kingdom, United States, European Union | Privacy Notice GDPR Compliance Data Processing Addendum |
| EasyLMS | Practice accreditation | European Union (Netherlands) | ISO 27001 Privacy Notice Data Processing Addendum |
| Zapier | Data aggregation and transfer | United States | SOC II Privacy Notice Data Processing Addendum |
| Oracle NetSuite | Financial control | United Kingdom | ISO 27001 & SOC II Privacy Notice Data Processing Addendum |
| Qualtrics | Customer satisfaction surveys | European Union (Germany) | Privacy Notice Data Processing Addendum |
| Typeform | Customer surveys | European Union, United Kingdom, United States | ISO 27001 & SOC II Privacy Notice & Data Processing Addendum GDPR Compliance |
| FormAssembly | Web form and survey generation | United States | ISO 27001 & SOC II Privacy Notice GDPR Compliance Data Processing Addendum |
| HeyMarvin | User research and service improvement | United States | SOC II Privacy Notice Data Processing Addendum |
| Participant Kit | User research management | United Kingdom, European Union | Security Controls Data Processing Addendum |
| Optimal Workshop | User research | New Zealand, United States, European Union | Privacy Notice Data Processing Addendum |
| Tremendous | User research reimbursement | United States | Privacy Notice Data Processing Addendum |
Payment subprocessors
FreeAgent does not store payment card information or your bank account access details. Payment processing and account access information is handled directly by the following third parties according to their respective privacy policies and terms of service.
| Entity name | Processing activities | Country(ies) | Privacy Notice |
|---|---|---|---|
| Stripe | Outsourced payment management | United States, European Union | Privacy Notice |
| Paypal | Outsourced payment management | United States, European Union | Privacy Notice |
| GoCardless | Outsourced payment management | European Union | Privacy Notice |