V2.0 Subprocessors TriFact365

Effective Date: 1 August 2026


Subprocessors

On this page, you will find an up-to-date overview of the subprocessors that TriFact365 engages to process Personal Data under our Data Processing Agreement.

Current subprocessors

Subprocessor (contracting entity)

Service & Purpose

Processing location

Transfer outside the EEA

Source

Featurebase — CORDNET OÜ (Estonia)

Customer feedback, roadmap, support communications (SOC 2 Type II certified)

Primarily within the European Economic Area (EEA); limited processing outside the EEA by authorised subprocessors

Yes — EU Standard Contractual Clauses (SCCs), in accordance with Featurebase's DPA

Subprocessors, Data Processing Agreement

Google Cloud Platform — Google Cloud EMEA Limited (Ireland)

Hosting, document processing (ISO 27001 + SOC 2 Type II certified)

europe-west4 (Netherlands)

No — processing in an EU data centre; potential access from the US by Google LLC is covered by the applicable data transfer mechanisms, including Standard Contractual Clauses (SCCs)

Subprocessors, Data Processing Agreement

Microsoft (Microsoft 365, Azure) — Microsoft Ireland Operations Limited (Ireland)

Hosting, document processing, CRM, correspondence, internal collaboration (including email, chat, document storage) (ISO 27001 + SOC 2 Type II certified)

West Europe (Netherlands)

No — processing takes place in an EU data centre; potential access from the US by Microsoft Corporation is covered by the applicable data transfer mechanisms, including Standard Contractual Clauses (SCCs)

Subprocessors, Data Processing Agreement

Storecove — Datajust B.V. (Netherlands)

Receipt of incoming e-invoices via the Peppol network (ISO 27001 certified)

European Union (Ireland)

No — processing in an EU data centre; potential access from the US by Amazon Web Services Inc. is covered by the applicable data transfer mechanisms, including Standard Contractual Clauses (SCCs)

Written, signed Data Processing Agreement (DPA)

Twilio SendGrid, Programmable Messaging — Twilio Inc. (United States)

Sending and receiving emails and SMS messages (ISO 27001 + SOC 2 Type II certified)

United States / worldwide

Yes — EU Standard Contractual Clauses (SCCs), in accordance with Twilio's DPA, supplemented by Twilio Inc.'s DPF certification

Subprocessors, Data Processing Agreement, DPF Certification

Changelog

  • 10 June 2026: Added: Featurebase, effective 24 June.

  • 10 June 2026: Removed: Exact, AFAS Software, King Software, SnelStart, Unit4, Visma, Wolters Kluwer. Rationale: these do not (or no longer) qualify as Subprocessors. Integrations that you enable yourself are independent data controllers acting on your instructions and are therefore not subprocessors of TriFact365.

  • 10 June 2026: Removed: LinkedIn, Google Ads. Rationale: these do not (or no longer) qualify as Subprocessors.

Changes

We will provide advance notice of changes to this overview. The notice period, the right to object, and the procedure for urgent changes are set forth in Article 7.2 of our Data Processing Agreement.

Definitions and Broader Context

The legal frameworks for subprocessors—our obligations, your consent, the right to object, and the conditions for data transfers—are set forth in our Data Processing Agreement.

For a broader security and compliance context, see our Trust Center.

Contact

Please submit any questions about this list or a specific subprocessor via our contact page.


End of subprocessors page — v2.0

TriFact365 B.V.
Arnhemseweg 10, 3817 CH Amersfoort, The Netherlands | Chamber of Commerce No. 30262227 | VAT No. NL820778540B01