Skip to main content
Finpliq
Start free
← Policy library

Infrastructure

Third-Party Supplier Policy

How Finpliq manages suppliers such as hosting, email, payments, HMRC APIs and analytics where configured.

Owner
Operations
Effective from
8 July 2026
Last reviewed
8 July 2026
Review cycle
Annual or following material change

At a glance

Finpliq should only disclose suppliers that are actually used in production.

Supplier risk is reviewed based on the sensitivity of data processed and service criticality.

Full policy

Supplier categories include hosting/database infrastructure, payment processing such as Stripe where configured, transactional email such as Resend where configured, HMRC APIs where connected and analytics tools where enabled.

Supplier onboarding should review security posture, data location/transfer terms, access controls, availability, breach notification and contractual obligations.

Suppliers should not be granted more access than required. Secrets and API keys must be stored securely.