Data protection
Subprocessors
This page describes the subprocessor categories MatchAudit may use to provide, secure, maintain, and support the service. Named vendor details can be provided through procurement or legal review where appropriate.
Effective date: May 2, 2026
| Category | Purpose | Processing locations |
|---|---|---|
| Cloud hosting and database | Hosting, database, storage, logs, and platform operation | EU/EEA and other locations depending on provider configuration |
| Authentication | User authentication, account sessions, and security controls | EU/EEA and other locations depending on provider configuration |
| Payment processing | Checkout, subscription administration, invoices, and payment status | EU/EEA, UK, US, and other locations covered by transfer safeguards |
| Email and support tooling | Transactional email, support requests, and customer communications | EU/EEA, UK, US, and other locations covered by transfer safeguards |
| AI processing where enabled | KYC extraction, reviewer assistance, and documentation drafting | Provider-controlled processing locations covered by transfer safeguards |
Transfer safeguards
Where personal data is transferred outside the EEA, MatchAudit uses appropriate transfer mechanisms where required, such as adequacy decisions, standard contractual clauses, or equivalent safeguards.
Customers may object to a materially new subprocessor on documented data-protection grounds as described in the Data Processing Addendum.