Five subprocessors. Named, dated, vetoable.
Below is every third party that touches your data on our behalf — what
they do, where they sit, how the international transfer is legally
authorised, and a link to their public DPA. We give 30 days' prior
notice on any change and a one-business-day buyer-veto window.
Last updated 2026-06-22.
Change-management — how it works.
- Addition or replacement: we publish the proposed
change to this page and email all active Buyers via the
subprocessor-changes mailing list at least 30 days in
advance of the new vendor processing any of your data.
- Buyer veto window: you have 1 business day
from receipt of the change notice to object in writing to
dpo@toptronic.com.
- Resolution: if we cannot agree on an alternative,
you may terminate the affected service for a pro-rata refund per
/legal/refund/ §4.
- Notification preferences: by default we email all
Buyers. To subscribe to the public newsletter version of the same
notification (if you are not yet a Buyer) email
subprocessor-changes@toptronic.com.
The five subprocessors.
- Purpose: Payment processing, card vaulting, 3DS2 challenge, refund execution.
- Data categories: Cardholder name, payment-card token, BIN, billing address, transaction amount, IP at checkout.
- Data residency: Multi-region (HK / AU / EU per buyer residency).
- Transfer mechanism: SCC Module 2 for EU buyers; UK Addendum; AU APP-aligned; HK PDPO compliance.
- Public DPA: https://www.airwallex.com/legal/data-processing-agreement
- Last reviewed: 2026-04-30

- Purpose: Payment processing, card vaulting, 3-D Secure, receipts, refund execution (embedded Payment Element).
- Data categories: Cardholder name, payment-card token, BIN, billing address, transaction amount, email, IP at checkout.
- Data residency: Multi-region (EU for EU buyers; US default).
- Transfer mechanism: SCC Module 2 + DPF (EU-US Data Privacy Framework); UK Addendum; AU APP-aligned.
- Public DPA: https://stripe.com/legal/dpa
- Last reviewed: 2026-06-19

- Purpose: Email (Gmail), shared drive (Drive), calendar bookings (Appointment Schedules), document collaboration on TTPA-internal docs.
- Data categories: Sender / recipient address, message body, attachments, calendar invitee details, document content.
- Data residency: Multi-region per Google Cloud regions; in-flight TLS 1.3.
- Transfer mechanism: Google Workspace DPA + SCCs Module 2 + DPF.
- Public DPA: https://workspace.google.com/terms/dpa_terms.html
- Last reviewed: 2026-04-30

- Purpose: Encrypted credential vault operated by Toptronic. Buyer LinkedIn credentials are held in Toptronic's LastPass tenant and are NOT accessible to the TTPA operator; the credentials are used only on the buyer's dedicated, physically-secured laptop, which the TTPA reaches over a time-restricted, PIN-enabled encrypted remote-desktop link. The TTPA never sees the username or password.
- Data categories: Encrypted vault blobs (buyer LinkedIn login) held in Toptronic's LastPass tenant. The TTPA operator has no access to the vault and never sees plaintext credentials.
- Data residency: US-East primary; encrypted at rest under Toptronic's LastPass master password (zero-knowledge to LastPass).
- Transfer mechanism: SCC Module 2 + DPF (EU-US Data Privacy Framework); buyer credential data is processed by Toptronic under the TTPA DPA.
- Public DPA: https://www.lastpass.com/security/zero-knowledge-security
- Last reviewed: 2026-06-22

- Purpose: Aggregate page-view + first-party 11-event analytics — ZERO third-party tracking pixels, ZERO cookies, ZERO cross-site identity.
- Data categories: Anonymised page-view counts, referrer origin, country (geoIP, no city), device class. NO cookie. NO IP retained.
- Data residency: EU (Hetzner Frankfurt + Helsinki). Self-hosted as the primary path; plausible.io fallback only when self-host degrades.
- Transfer mechanism: EU GDPR-native — no transfer mechanism needed for EU buyers. SCCs Module 2 + DPF for non-EU buyers.
- Public DPA: https://plausible.io/dpa
- Last reviewed: 2026-04-30
Why LinkedIn is not on this list.
LinkedIn is a service Buyer interacts with directly under their own
LinkedIn account and LinkedIn Terms of Service. Toptronic operates
Buyer's LinkedIn account on Buyer's behalf via a named human operator;
we do not transmit Buyer's personal data to LinkedIn as a separate
controller-processor flow. Buyer's relationship with LinkedIn is
direct.