Last updated March 27th 2026 · 5 min read
Company: FindPlay, Inc.
EIN: 36-5170181
Effective Date: 27 March 2026
Governing Law: Delaware, United States (primary); Australian Privacy Act 1988 (Cth); EU/UK GDPR; and applicable laws in all jurisdictions in which FindPlay operates, including the United States, Australia, the European Union, the United Kingdom, and Asia-Pacific markets.
Version: v1.0
This document lists the categories of sub-processors that FindPlay, Inc. engages to process personal data on its behalf in the course of providing the FindPlay platform. This list is maintained in accordance with FindPlay's obligations under the EU/UK GDPR, Australian Privacy Act 1988 (Cth), Singapore PDPA, Japan APPI, and applicable US privacy law.
A sub-processor is a third-party service provider engaged by FindPlay that processes personal data as part of providing the FindPlay platform. FindPlay remains responsible for the acts and omissions of its sub-processors in respect of personal data processing, and imposes data protection obligations on all sub-processors equivalent to those FindPlay has accepted under its Data Processing Agreement and applicable privacy law.
FindPlay assesses all sub-processors before engagement to confirm:
They have implemented appropriate technical and organisational security measures.
They operate in accordance with applicable data protection law in their jurisdiction.
Appropriate data transfer mechanisms are in place for cross-border transfers (including EU SCCs, UK IDTA, or equivalent).
Their data processing terms are consistent with FindPlay's obligations to Controllers under the DPA.
FindPlay reviews sub-processor arrangements annually and following any material change to the sub-processor's operations, ownership, or legal status.
FindPlay's platform is hosted on cloud infrastructure provided by major cloud service providers. These sub-processors store and process platform data, including user and provider personal data, in secure data centres.
Category | Purpose | Data Location |
|---|---|---|
Cloud infrastructure | Platform hosting, database storage, compute | United States (primary); Australia; EU (where required for data residency) |
Content delivery network (CDN) | Platform performance and content delivery | Global points of presence |
Data backup and disaster recovery | Business continuity | United States; Australia |
Category | Purpose | Key Sub-processor |
|---|---|---|
Payment processing | Processing transactions, disbursements, and refunds | Stripe, Inc. (USA) |
Payment compliance | Fraud detection, identity verification for payments | Stripe and applicable fraud prevention services |
Stripe processes payment data in accordance with its Privacy Policy and PCI DSS compliance obligations. FindPlay's use of Stripe is governed by the Stripe Connected Account Agreement and Stripe's Data Processing Agreement.
Category | Purpose | Jurisdictions |
|---|---|---|
Identity verification | KYC and provider identity verification | Global (vendor selection varies by jurisdiction) |
Background screening | Criminal record and working with children checks | Australia, USA, UK, EU, Singapore, Japan (market-appropriate vendor) |
Business verification | ABN/ACN, company registration, EIN verification | Australia, USA, UK, EU, Singapore, Japan |
Category | Purpose |
|---|---|
Transactional email | Booking confirmations, notifications, receipts |
Marketing email | Platform newsletters and promotional communications (with consent) |
SMS/push notifications | Booking reminders, waitlist notifications, security alerts |
In-app messaging | Provider-user communications within the platform |
Category | Purpose | Data Type |
|---|---|---|
Platform analytics | Usage analytics, performance monitoring, error tracking | Anonymised/pseudonymised usage data |
Search and discovery | Search infrastructure and relevance ranking | Listing and search query data |
A/B testing and experimentation | Feature development and optimisation | Anonymised behaviour data |
Category | Purpose |
|---|---|
Help desk and ticketing | Managing support requests from users and providers |
Live chat (where available) | Real-time support |
Knowledge base | Self-service support content |
Category | Purpose |
|---|---|
Web application firewall (WAF) | Platform security |
DDoS protection | Platform resilience |
Fraud detection | Transaction and account fraud prevention |
Security monitoring (SIEM) | Incident detection and response |
Category | Purpose |
|---|---|
Credential verification | Verifying professional qualifications and memberships |
Document verification | Verifying uploaded certificates and licences |
Wearable device integration | Apple Health, Google Fit, Garmin Connect, Fitbit, Samsung Health APIs |
Where sub-processors are located outside the jurisdiction in which personal data originates, FindPlay implements appropriate data transfer mechanisms:
Transfer Route | Mechanism |
|---|---|
EU/EEA → USA | Standard Contractual Clauses (EU SCCs, June 2021) |
UK → USA | International Data Transfer Agreement (IDTA) |
Australia → USA | Contractual protections under APP 8 |
Singapore → USA | Model clauses under PDPA |
Japan → USA | Third-party provision requirements under APPI |
FindPlay will notify Controllers of any intended addition or replacement of a sub-processor by updating this document and providing notice via the provider dashboard and email to the primary account contact. Notice will be provided at least 30 days in advance of any material change, allowing Controllers to object to the change in accordance with their rights under the applicable DPA.
Controllers who object to a new sub-processor and whose objection cannot be reasonably accommodated may terminate their agreement with FindPlay on written notice, subject to the terms of the applicable commercial agreement.
The detailed sub-processor list, including named vendors, is maintained and updated at findplay.com/legal/sub-processors and is available to enterprise partners and micro-marketplace licensees on request at legal@findplay.com.