TradersFlowTradersFlow Back
Compliance

Sub-Processors

TradersFlow uses a small, intentional set of third-party providers to deliver the service. This page lists every sub-processor that may handle personal data on our behalf, what they do, and the categories of data they process.

Last updated: 30 May 2026
01

Overview

A sub-processor is a third party we engage to process personal data on our behalf to provide TradersFlow. Each sub-processor is bound by contractual data-protection terms (including, where applicable, the UK Addendum and Standard Contractual Clauses for international transfers) and is selected for its security and compliance posture.

We may update this list when we add, replace or remove a sub-processor. Material changes are announced in advance by email or in-app notice to subscribed customers.

02

Current sub-processors

ProviderPurposeCategories of dataLocation
Stripe Payments Europe, Ltd.Subscription billing, card processing, invoice payment links, fraud prevention.Stripe customer ID, subscription & invoice metadata, billing email, billing address, payment method tokens (card details are entered into Stripe directly and never reach TradersFlow).EU / US (Stripe operates globally; EU data protection terms apply).
Supabase, Inc. (hosted on AWS)Primary database, authentication, file storage and serverless functions.Account credentials (hashed), profile and business information, customer records, jobs, quotes, invoices, photos and documents, application logs.AWS EU regions (eu-west).
Cloudflare, Inc.DNS, edge networking, TLS termination, DDoS and bot protection, static asset delivery.Request metadata (IP address, user-agent, request paths, timing). No business records are stored by Cloudflare beyond transient edge caching.Global edge network.
Resend (Lovable Email infrastructure)Delivery of transactional emails (verification, password reset, trial reminders, invoices, payment notices) and delivery event reporting (delivered, opened, clicked, bounced, complained, unsubscribed).Recipient email address, sender, subject, rendered email body, delivery and engagement events.EU / US.
Lovable (hosting & deployment platform)Application hosting, edge runtime for server functions, deployment pipeline.Application code, build artefacts, request logs, error traces.EU / global edge.
Plausible AnalyticsPrivacy-friendly, cookie-free product and marketing analytics.Aggregated, anonymised page views and event counts. No personal identifiers, no cross-site tracking, no fingerprinting.EU (Germany).
03

International transfers

Where a sub-processor stores or accesses personal data outside the UK or EEA, we rely on adequacy decisions or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses to safeguard the transfer.

04

Questions

Questions about a specific sub-processor, or to request our Data Processing Addendum: privacy@tradersflow.co.uk.