Third-Party Supplier Policy
How Finpliq manages suppliers such as hosting, email, payments, HMRC APIs and analytics where configured.
At a glance
- Finpliq should only disclose suppliers that are actually used in production.
- Supplier risk is reviewed based on the sensitivity of data processed and service criticality.
Full policy
- Supplier categories include hosting/database infrastructure, payment processing such as Stripe where configured, transactional email such as Resend where configured, HMRC APIs where connected and analytics tools where enabled.
- Supplier onboarding should review security posture, data location/transfer terms, access controls, availability, breach notification and contractual obligations.
- Suppliers should not be granted more access than required. Secrets and API keys must be stored securely.