Sub-processors & International Transfers
Last updated: 25/06/2026
This page summarises the third-party providers Inkless may use when delivering the Services, including document signing, notifications, identity verification, billing, hosting, and support functions.
This page is provided for general transparency and customer due-diligence support. It does not replace the Inkless Data Processing Agreement, Privacy Policy, or any agreed contractual terms.
1. How to read this page
- Sub-processor means a provider Inkless uses to process customer personal data on Inkless's behalf when delivering the Services.
- Optional / customer-enabled means the provider is only used if a customer turns on that feature or integration.
- Transfer position is a high-level summary only and should be read alongside the relevant provider's own documentation and Inkless contractual terms.
2. Current providers
| Provider | Purpose | Typical use | Location / transfer notes |
|---|---|---|---|
| IONOS | Application hosting and infrastructure | Core platform delivery | Used for hosting and infrastructure components relevant to the Inkless platform. |
| Amazon Web Services (AWS) | Document storage and related data services | Core platform delivery | Primary storage may be configured in the UK or EEA. Customers may also enable exports to their own storage destinations. |
| Stripe | Payments, invoicing, and subscription billing | Core platform delivery | May involve processing outside the UK/EEA depending on Stripe service routing and support operations. |
| Mandrill / Mailchimp Transactional | Transactional email delivery | Core platform delivery | Email metadata and recipient details may be processed outside the UK/EEA. |
| Webex Interact | SMS delivery | Optional / customer-enabled | Used when OTP or SMS notifications are enabled for a workflow. |
| Didit Identity, Inc | Identity verification and related proof-of-identity checks | Optional / customer-enabled | Used only where a customer enables ID verification. This may involve international transfers depending on provider hosting and support operations. |
| SSL.com | Document trust services and e-seal support | Optional / configuration-dependent | May process document hashes and related trust-service metadata. |
| Microsoft OneDrive | Customer-selected export destination | Optional / customer-enabled | Used only when a customer connects OneDrive for export or storage workflows. |
3. Customer-enabled integrations and exports
Some Inkless features allow a customer to push completed documents, bundles, metadata, or verification results into third-party systems selected by that customer, for example CRM platforms, cloud storage destinations, or customer-owned AWS S3 buckets.
Where a customer enables those features, Inkless will typically act on that customer's instructions. The customer remains responsible for checking that the destination system, account, region, permissions, notices, and retention settings are appropriate for its use case.
4. International transfers
Some Inkless providers may process personal data outside the UK or EEA, or may permit remote access from outside those territories for support, engineering, fraud prevention, or business continuity purposes.
Where UK-restricted transfers occur, Inkless aims to put in place an appropriate safeguard, which may include:
- an adequacy decision for the destination country;
- the UK International Data Transfer Agreement (IDTA);
- the UK Addendum to the EU Standard Contractual Clauses; or
- another lawful transfer mechanism recognised under UK data protection law.
5. Identity verification workflows
If a customer enables identity verification, personal data processed may include name, email address, phone number, identity document images, extracted document data, selfies, liveness or face-match results, provider reference IDs, verification outcome data, timestamps, IP addresses, and related audit events.
Depending on the workflow and provider configuration, some of this processing may require customers to assess whether special category, biometric, or other heightened UK GDPR rules apply to their use case. Customers should take care to document their lawful basis and any additional condition they rely on where relevant.
Customers using these workflows should ensure they provide an appropriate privacy notice to their end users and identify a lawful basis for the check. Inkless has published a Customer ID Check Privacy Notice Template to help with that process.
6. Changes
Inkless may update this page from time to time as services, providers, regions, or optional features change. If you are a customer conducting vendor due diligence and would like additional information, contact legal@inkless.co.uk.