TTPA services are “Valet-Tailored” for each customer; this site shows examples only. Yours will differ according to your particular needs.

Legal · Bundle 1 · Subprocessors

Five subprocessors. Named, dated, vetable.

Below is every third party that touches your data on our behalf — what they do, where they sit, how the international transfer is legally authorised, and a link to their public DPA. We give 30 days' prior notice on any change and a one-business-day buyer-veto window.

Last updated 2026-06-22.

Change-management — how it works.

  1. Addition or replacement: we publish the proposed change to this page and email all active Buyers via the subprocessor-changes mailing list at least 30 days in advance of the new vendor processing any of your data.
  2. Buyer veto window: you have 1 business day from receipt of the change notice to object in writing to [email protected].
  3. Resolution: if we cannot agree on an alternative, you may terminate the affected service for a pro-rata refund per /legal/refund/ §4.
  4. Notification preferences: by default we email all Buyers. To subscribe to the public newsletter version of the same notification (if you are not yet a Buyer) email [email protected].

The five subprocessors.

Airwallex

Airwallex Hong Kong Limited · Hong Kong (group HQ Australia)

Purpose
Payment processing, card vaulting, 3DS2 challenge, refund execution.
Data categories
Cardholder name, payment-card token, BIN, billing address, transaction amount, IP at checkout.
Data residency
Multi-region (HK / AU / EU per buyer residency).
Transfer mechanism
SCC Module 2 for EU buyers; UK Addendum; AU APP-aligned; HK PDPO compliance.
Public DPA
https://www.airwallex.com/legal/data-processing-agreement
Last reviewed
2026-04-30

Stripe

Stripe Payments Europe, Ltd. (EU) / Stripe, Inc. (US) · Ireland (EU) / United States (Delaware)

Purpose
Payment processing, card vaulting, 3-D Secure, receipts, refund execution (embedded Payment Element).
Data categories
Cardholder name, payment-card token, BIN, billing address, transaction amount, email, IP at checkout.
Data residency
Multi-region (EU for EU buyers; US default).
Transfer mechanism
SCC Module 2 + DPF (EU-US Data Privacy Framework); UK Addendum; AU APP-aligned.
Public DPA
https://stripe.com/legal/dpa
Last reviewed
2026-06-19

Google Workspace

Google Asia Pacific Pte. Ltd. · Singapore (parent: Alphabet Inc., USA)

Purpose
Email (Gmail), shared drive (Drive), calendar bookings (Appointment Schedules), document collaboration on TTPA-internal docs.
Data categories
Sender / recipient address, message body, attachments, calendar invitee details, document content.
Data residency
Multi-region per Google Cloud regions; in-flight TLS 1.3.
Transfer mechanism
Google Workspace DPA + SCCs Module 2 + DPF.
Public DPA
https://workspace.google.com/terms/dpa_terms.html
Last reviewed
2026-04-30

LastPass

LastPass US LP · United States (Massachusetts)

Purpose
Encrypted credential vault operated by Toptronic. Buyer LinkedIn credentials are held in Toptronic's LastPass tenant and are NOT accessible to the TTPA operator; the credentials are used only on the buyer's dedicated, physically-secured laptop, which the TTPA reaches over a time-restricted, PIN-enabled encrypted remote-desktop link. The TTPA never sees the username or password.
Data categories
Encrypted vault blobs (buyer LinkedIn login) held in Toptronic's LastPass tenant. The TTPA operator has no access to the vault and never sees plaintext credentials.
Data residency
US-East primary; encrypted at rest under Toptronic's LastPass master password (zero-knowledge to LastPass).
Transfer mechanism
SCC Module 2 + DPF (EU-US Data Privacy Framework); buyer credential data is processed by Toptronic under the TTPA DPA.
Public DPA
https://www.lastpass.com/security/zero-knowledge-security
Last reviewed
2026-06-22

Plausible Analytics

Plausible Insights OÜ · Estonia (EU)

Purpose
Aggregate page-view + first-party 11-event analytics — ZERO third-party tracking pixels, ZERO cookies, ZERO cross-site identity.
Data categories
Anonymised page-view counts, referrer origin, country (geoIP, no city), device class. NO cookie. NO IP retained.
Data residency
EU (Hetzner Frankfurt + Helsinki). Self-hosted as the primary path; plausible.io fallback only when self-host degrades.
Transfer mechanism
EU GDPR-native — no transfer mechanism needed for EU buyers. SCCs Module 2 + DPF for non-EU buyers.
Public DPA
https://plausible.io/dpa
Last reviewed
2026-04-30

Why LinkedIn is not on this list.

LinkedIn is a service Buyer interacts with directly under their own LinkedIn account and LinkedIn Terms of Service. Toptronic operates Buyer's LinkedIn account on Buyer's behalf via a named human operator; we do not transmit Buyer's personal data to LinkedIn as a separate controller-processor flow. Buyer's relationship with LinkedIn is direct.