Infrastructure
Third-Party Supplier Policy
How Finpliq manages suppliers such as hosting, email, payments, HMRC APIs and analytics where configured.
- Owner
- Operations
- Effective from
- 8 July 2026
- Last reviewed
- 8 July 2026
- Review cycle
- Annual or following material change
At a glance
Finpliq should only disclose suppliers that are actually used in production.
Supplier risk is reviewed based on the sensitivity of data processed and service criticality.
Full policy
Supplier categories include hosting/database infrastructure, payment processing such as Stripe where configured, transactional email such as Resend where configured, HMRC APIs where connected and analytics tools where enabled.
Supplier onboarding should review security posture, data location/transfer terms, access controls, availability, breach notification and contractual obligations.
Suppliers should not be granted more access than required. Secrets and API keys must be stored securely.