Sub-processors
Last updated: 29 April 2026
TransactionX is operated by Wealth Recovery Solicitors Limited (WRS). To deliver the service, WRS engages the third parties listed below as sub-processors. Each one is contractually bound by data-protection obligations equivalent to those in our customer Data Processing Addendum (DPA).
| Sub-processor | Service | Data processed | Location | Transfer safeguard |
|---|---|---|---|---|
| Supabase, Inc. | Managed Postgres database, authentication, file storage, edge functions | All customer data: account profile, uploaded statements, parsed transactions, audit logs | EU (eu-west); US support access possible | UK IDTA + UK Addendum to EU SCCs; SOC 2 |
| Cloudflare, Inc. | Edge runtime, CDN, DNS, DDoS protection | Request metadata; IP addresses (hashed before storage) | Global edge | UK IDTA + UK Addendum; ISO 27001 |
| Stripe Payments UK, Ltd. | Subscription billing and payment processing | Customer billing data (name, email, card token, address) | UK / EU / US | Stripe DPA; PCI-DSS Level 1; UK IDTA / SCCs |
| OpenAI / Lovable AI Gateway | LLM-based transaction classification and summarisation | Transaction descriptions only (no full statements; no card numbers) | US / EU | UK IDTA + DPA; contractual no-training on inputs |
| Resend | Transactional email delivery (welcome, receipts, alerts) | Customer email address and email content | EU / US | UK IDTA / SCCs |
Change notice and objection
We will give at least 30 days' prior notice of any addition or replacement of a sub-processor, by email to your registered admin contact and by updating this page (see “Last updated” above). You may object on reasonable data-protection grounds within that period; we will work in good faith to resolve any objection. If we cannot, you may terminate the affected service without penalty for the remainder of your prepaid term.
To subscribe to change notifications, or to raise an objection, email privacy@wrsolicitors.com.
What this list does not include
- Internal tools used by WRS staff that do not process customer personal data.
- One-off professional advisers (auditors, lawyers) bound by professional confidentiality rather than a sub-processor relationship.
Related documents
- Privacy Policy
- Regulatory information
- Trust pack (procurement / security questionnaires)