Sub-processors & International Transfers

Last updated: 25/06/2026

This page summarises the third-party providers Inkless may use when delivering the Services, including document signing, notifications, identity verification, billing, hosting, and support functions.

This page is provided for general transparency and customer due-diligence support. It does not replace the Inkless Data Processing Agreement, Privacy Policy, or any agreed contractual terms.

1. How to read this page

2. Current providers

Provider Purpose Typical use Location / transfer notes
IONOS Application hosting and infrastructure Core platform delivery Used for hosting and infrastructure components relevant to the Inkless platform.
Amazon Web Services (AWS) Document storage and related data services Core platform delivery Primary storage may be configured in the UK or EEA. Customers may also enable exports to their own storage destinations.
Stripe Payments, invoicing, and subscription billing Core platform delivery May involve processing outside the UK/EEA depending on Stripe service routing and support operations.
Mandrill / Mailchimp Transactional Transactional email delivery Core platform delivery Email metadata and recipient details may be processed outside the UK/EEA.
Webex Interact SMS delivery Optional / customer-enabled Used when OTP or SMS notifications are enabled for a workflow.
Didit Identity, Inc Identity verification and related proof-of-identity checks Optional / customer-enabled Used only where a customer enables ID verification. This may involve international transfers depending on provider hosting and support operations.
SSL.com Document trust services and e-seal support Optional / configuration-dependent May process document hashes and related trust-service metadata.
Microsoft OneDrive Customer-selected export destination Optional / customer-enabled Used only when a customer connects OneDrive for export or storage workflows.

3. Customer-enabled integrations and exports

Some Inkless features allow a customer to push completed documents, bundles, metadata, or verification results into third-party systems selected by that customer, for example CRM platforms, cloud storage destinations, or customer-owned AWS S3 buckets.

Where a customer enables those features, Inkless will typically act on that customer's instructions. The customer remains responsible for checking that the destination system, account, region, permissions, notices, and retention settings are appropriate for its use case.

4. International transfers

Some Inkless providers may process personal data outside the UK or EEA, or may permit remote access from outside those territories for support, engineering, fraud prevention, or business continuity purposes.

Where UK-restricted transfers occur, Inkless aims to put in place an appropriate safeguard, which may include:

5. Identity verification workflows

If a customer enables identity verification, personal data processed may include name, email address, phone number, identity document images, extracted document data, selfies, liveness or face-match results, provider reference IDs, verification outcome data, timestamps, IP addresses, and related audit events.

Depending on the workflow and provider configuration, some of this processing may require customers to assess whether special category, biometric, or other heightened UK GDPR rules apply to their use case. Customers should take care to document their lawful basis and any additional condition they rely on where relevant.

Customers using these workflows should ensure they provide an appropriate privacy notice to their end users and identify a lawful basis for the check. Inkless has published a Customer ID Check Privacy Notice Template to help with that process.

6. Changes

Inkless may update this page from time to time as services, providers, regions, or optional features change. If you are a customer conducting vendor due diligence and would like additional information, contact legal@inkless.co.uk.