Policies
Last updated: 29 June 2026
Sub-Processor List
This page lists the third-party sub-processors that Calceum Limited (“Calceum”) engages to process personal data, both within its platform on behalf of its customers and in operating its own business. Each sub-processor is bound by a written contract providing protections equivalent to those in Calceum’s Data Processing Agreement, and Calceum remains responsible to its customers for their processing.
1. Sub-processors
| Sub-processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud hosting, storage, email, and AI inference / transcription (AWS Bedrock) | UK, EU | UK GDPR · DPA |
| Smart Path IT Ltd | Managed infrastructure and security support | UK | UK GDPR · DPA (Art 28) |
| Mistral AI | Transaction categorisation and document OCR | EU | EU GDPR · DPA |
| Datadog, Inc. | Monitoring and observability | EU | EU GDPR · DPA |
| Recall.ai | Meeting recording and transcription | EU | EU GDPR · DPA |
| Meta Platforms (WhatsApp Business) | Client messaging channel | US | DPF · SCC · DPA |
| Didit | Identity verification and AML/KYC | EU | EU GDPR · DPA |
| Cal.com, Inc. | Appointment scheduling and bookings | EU / US | DPF · DPA |
| Loops, Inc. | Email marketing and CRM (website sign-ups) | US | DPF · DPA |
| Google LLC | Website analytics; mapping and geocoding; business email and documents | US / EU | DPF · DPA |
| ip-api.com | Login-IP geolocation | US | DPA |
2. Payment processors
Calceum does not store card information or bank-access details and does not hold client funds. These providers handle payment and open-banking data directly under their own terms.
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| [ ] | Open banking (AIS/PIS); Calceum acts as its agent, FCA FRN [ ] | UK | UK GDPR · DPA |
| Stripe, Inc. | Card payments and subscription billing | US / EU | DPF · IDTA · DPA |
| GoCardless Ltd | Direct Debit collection | UK | UK GDPR · DPA |
3. Integrations you connect
Connected by the practice or its clients and acting as independent controllers or your own data sources. Calceum does not engage them to process data on its behalf; listed for transparency.
| Service | Role |
|---|---|
| HMRC | Statutory recipient - MTD, Self Assessment, Corporation Tax filings |
| Companies House | Company data and statutory filings |
| FreeAgent | User-connected accounting integration |
| Xero | User-connected accounting / practice-manager integration |
| Shopify | User-connected sales data source |
| Square | User-connected sales data source |
| Stripe Connect | Practice connects its own Stripe account |
| Google account | Gmail, Calendar, Sheets, Drive (opt-in) |
4. Notification of changes
Calceum will give at least 14 days’ notice of any new or replacement sub-processor, by email and by updating this page. A customer may object on legitimate data-protection grounds within the notice period and, if unresolved, terminate the affected services. See Section 5 of the Data Processing Agreement.