About this page
Fenchurch Compliance is a self-serve compliance platform provided by RegTechPRO Limited. As described in our Data Processing Agreement, we engage a small number of trusted third-party service providers ("sub-processors") to help us deliver the platform. Each sub-processor processes personal data only on our documented instructions and under a written contract that imposes the obligations required by Article 28 of the UK GDPR.
This page lists the sub-processors currently authorised to process personal data on behalf of the firms that subscribe to Fenchurch Compliance. In respect of your firm's own compliance data, your firm is the controller and RegTechPRO Limited (together with each sub-processor below) acts as a processor. In respect of your account and billing data — your name, email address and subscription details — RegTechPRO Limited is the controller.
We keep the list on this page current. You can subscribe to advance notice of any change to our sub-processors by emailing support@fenchurchcompliance.co.uk.
Current sub-processors
The following sub-processors are authorised to process personal data in connection with the Fenchurch Compliance service.
| Sub-processor | Purpose | Data processed | Location & transfer |
|---|---|---|---|
|
Cloudflare, Inc. Privacy policy |
Hosting (Pages), edge compute (Workers), application database (D1), file storage (R2), and CDN / web-application firewall | All platform data, at rest and in transit | Data at rest in Cloudflare's Western Europe (WEUR) region, within the UK and EU. Runs on ISO 27001, SOC 2 and PCI DSS certified infrastructure. |
|
Stripe Payments Europe, Ltd Privacy policy |
Payment processing and subscription billing | Subscriber name, email address and billing details; card data is handled directly by Stripe (PCI DSS Level 1) | Contracts through an EU entity (Ireland); global infrastructure operated under appropriate safeguards. |
|
Postmark (operated by ActiveCampaign, LLC) Privacy policy |
Sends one-time login codes and notification emails | Recipient email address and email content | United States — transfers under appropriate safeguards (Standard Contractual Clauses with the UK IDTA Addendum). |
|
Anthropic PBC Privacy policy |
AI processing for AI-generated compliance reports and the in-platform assistant | The firm's own compliance data submitted for report generation | United States — under appropriate safeguards. Under Anthropic's commercial terms, data submitted via the API is not used to train models. |
We use a deliberately small set of sub-processors. Login is by one-time email code, billing runs through Stripe, transactional email through Postmark, and AI reports through Anthropic — all built on Cloudflare's certified infrastructure.
International data transfers
Your firm's compliance data is stored at rest in Cloudflare's Western Europe (WEUR) region, within the UK and EU. Where a sub-processor processes personal data outside the UK, we ensure an appropriate transfer mechanism is in place under the UK GDPR and the Data Protection Act 2018.
For our US-based sub-processors (Postmark and Anthropic), transfers are made under appropriate safeguards — typically the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or transfers to a recipient covered by an adequacy decision. Stripe contracts through an EU entity, Stripe Payments Europe, Ltd, with global infrastructure operated under equivalent safeguards. We do not transfer personal data to any jurisdiction without an adequate level of protection or such safeguards in place.
Changes to this list
In accordance with our Data Processing Agreement, we will give at least 30 days' notice before we add or replace a sub-processor. You may object to a proposed change on reasonable data-protection grounds by contacting us within 14 days of the notice, and we will work with you in good faith to address your concern. This page is updated to reflect any change that takes effect.
Contact us
For questions about our sub-processors, or to request copies of the relevant data-processing terms, please contact us.
Data protection enquiries
RegTechPRO Limited — operator of the Fenchurch Compliance service.
Registered in England & Wales, company number 10707766.
Email: support@fenchurchcompliance.co.uk
ICO data-controller registration: ZC177446.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.