Legal & Compliance
Sub-Processor List
Last updated: 30 May 2026
Under UK GDPR Article 28, we are required to disclose the third-party sub-processors that process personal data on our behalf. This page provides full transparency about who processes your data, what data they receive, and where processing occurs.
Key commitments:No sub-processor uses your content to train foundation AI models. Some sub-processors retain limited operational metadata (for example, to provide their service or to fulfil a billing record); where a sub-processor's own policy permits broader use of customer data to improve its service, we describe that below and pursue the available opt-out under UK / EU GDPR. We notify paying customers at least 30 days before adding a new sub-processor.
AI Inference
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Managed large-language-model inference and supporting AI services, all in the UK region | Query text, extracted document text, conversation context | UK |
- Does NOT receive: Your original documents (digital files are parsed in your browser), personal details, payment information.
- Training: Your data is never used to train AI models. Contractually guaranteed.
- Retention: Queries are processed in real time and not retained beyond the inference request.
Cloud Infrastructure and Storage
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Application hosting, compute, short-lived OCR processing for scanned documents, and encrypted object storage | Application logs, service metadata, scanned-document bytes (processed and discarded), large-file uploads (held briefly while OCR runs, then deleted) | UK |
| Managed database service | Primary application database, hosted in the UK region by an established managed-database provider under UK GDPR Article 28 terms | User accounts, conversation metadata, token usage, matter management data (matter metadata, client / party information, time entries, key dates, conflict records, collaboration data) | UK |
Legal-Source Search
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Independent web-search API | Web search used to surface UK legal sources; restricted to a UK legal and government allowlist with query sanitisation | Sanitised search queries derived from your questions (emails, phone numbers, postcodes and recognised personal-name patterns are stripped before transmission) | EU / US, transfers protected under the UK IDTA or the UK Addendum to the EU SCCs |
| The National Archives | UK case-law API (court judgments) | Search queries only | United Kingdom |
| legislation.gov.uk | UK legislation search API | Search queries only | United Kingdom |
- Web search: The provider does not log or track API queries on a per-user basis. Where the provider’s infrastructure processes data outside the UK, Writford relies on the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses.
- National Archives & legislation.gov.uk: UK Government services. Open data under Open Justice / Open Government licence.
Payment Processing
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Stripe | Subscription billing, payment processing | Name, email, payment card details, billing address | EU/UK (with UK adequacy decision) |
- Does NOT receive: Chat content, documents, legal data, or any AI-processed information
- Security: PCI DSS Level 1 certified (highest level of payment security)
Communication
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Transactional email delivery (verification codes, account notifications, password reset, billing alerts) | Recipient email address, system-generated email content only | UK |
Website Analytics
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Google LLC (Google Analytics 4) | Cookieless website analytics, page views, traffic sources, aggregate usage. Configured with client_storage: 'none' and anonymised IP. No cookies set on visitor devices. | Anonymised IP address, page URL, referrer, browser/device type | US (Google LLC, subject to EU–US Data Privacy Framework and UK adequacy decision) |
| Ahrefs Pte. Ltd. (Ahrefs Analytics) | Cookieless website analytics. No cookies set on visitor devices. | Anonymised page URL, referrer, aggregate traffic data | SG/US (Ahrefs Pte. Ltd.) |
- No user identifiers: Neither analytics provider receives account data, email addresses, legal content, or matter data.
- No cookies: Both providers are configured in cookieless mode, no analytics cookies are set on visitor devices. PECR consent is not required.
Connectors and Integrations
| Provider | Service | Data Received | Location |
|---|---|---|---|
| Google LLC | Google Drive API — reads individual files you explicitly select via the Google Drive file-attachment connector in Writford Chat | OAuth authorisation token scoped to drive.file; content of the specific file(s) you select | US (EU–US Data Privacy Framework; Google API Services User Data Policy applies) |
| Microsoft Corporation | OneDrive API — reads individual files you explicitly select via the OneDrive file-attachment connector in Writford Chat; Microsoft Office Add-in Marketplace — hosts and distributes the Writford for Outlook add-in | Short-lived scoped access token; content of the specific file(s) you select; for Outlook add-in: email subject, sender, and body of the email you open (processed in real time, not stored) | EU/US (Microsoft EU Data Boundary; standard contractual clauses where applicable) |
- Google Drive: We use the
drive.filescope only — this restricts access to files you explicitly open via Writford. We do not access your broader Drive contents. Use of Google user data adheres to the Google API Services User Data Policy, including Limited Use requirements. - Microsoft OneDrive: The access token is short-lived and scoped to the selected file. We do not index or browse your OneDrive.
- Writford for Outlook: Email content (subject, sender, body) is transmitted for real-time AI processing and is not retained. The full mechanism is described in Section 6A of our Privacy Policy.
- No connector stores original files: All files retrieved via connectors are handled identically to directly uploaded documents — original bytes are never written to long-term storage.
Sub-Processors We Do NOT Use
- No advertising networks or ad-tracking pixels (no Meta Pixel, LinkedIn Insight Tag)
- No behavioural analytics or session-recording tools (no Hotjar, Clarity, FullStory, Mixpanel)
- No email marketing platforms
- No customer data platforms
- No social media integrations
Changes to This List
We will update this page when we add or change sub-processors. Material changes will be notified to customers via email at least 30 days before the change takes effect. If you object to a new sub-processor on reasonable data protection grounds, you may terminate your subscription within 15 days of notification.
Contact
Questions about our sub-processors or data processing: info@writford.co.uk
See also: Privacy Policy | Terms of Service | Security