Controller-Side Vendors
This page lists third-party vendors used by Service Provider when acting as independent Controller for Account Data and business operations (for example billing, account administration, support operations, security, and product analytics).
Service Provider in this document means Firnity (full business name: Łukasz Wiatrak Firnity), as identified in the Terms of Use and Privacy Policy.
This page does not list DPA Sub-Processors for Customer Data. For Customer Data processed on Users' behalf under DPA, see Sub-Processors.
Some vendors (including PostHog and Sentry) are used in separate role contexts. They are listed here for controller-side Account Data uses and, where they process Customer Data on User instructions, they are also listed on the Sub-Processors page.
Where a vendor may process personal data outside the EEA/UK/Switzerland, Service Provider uses GDPR Chapter V safeguards where required (for example adequacy decisions and/or Standard Contractual Clauses) and provides additional information on request.
Current controller-side vendors
Contracting legal entities for a given vendor may vary by geography, service configuration, or purchasing flow. The applicable contracting entity is identified in the relevant agreement/order flow for that vendor.
| Vendor | Purpose | Typical data scope | Location / transfer note |
|---|---|---|---|
| Stripe, Inc. | Payment processing and subscription billing operations | Billing/subscription metadata, invoicing details, transaction references | Processing and support access may occur outside the EEA/UK/Switzerland; where required, transfers are covered by GDPR Chapter V safeguards (for example adequacy and/or SCCs) |
| inFakt | Accounting and invoicing operations | Invoice/accounting records and tax details | Poland / EEA-centric services |
| Auth0, Inc. (Okta group) | Authentication and account access management | Account authentication/session metadata | EU region configured; limited global support/admin access may occur |
| Twilio SendGrid, Inc. | Transactional email delivery | Email delivery metadata and message content for account/service communications | EU/EEA configuration used where available; some processing/support access from outside the EEA/UK/Switzerland may occur; where required, transfers are covered by GDPR Chapter V safeguards (for example adequacy and/or SCCs) |
| Atlassian Pty Ltd (Jira Service Management) | Support portal/workflow tooling for account and support operations | Support request content, attachments, and ticket metadata | EU residency configured; limited global support access may occur |
| Google LLC (Google Workspace) | Business and support email communications | Email content, attachments, and message metadata | Global service (including EEA and United States); where required, transfers are covered by GDPR Chapter V safeguards (for example adequacy and/or SCCs) |
| PostHog, Inc. | Product analytics and usage measurement for service improvement | Account Data analytics events and related metadata for controller-side operations | EU cloud configuration used |
| Functional Software, Inc. (Sentry) | Error monitoring and reliability diagnostics | Account Data error-event metadata and diagnostic context for controller-side operations | EU region configured by Service Provider; limited global support access may occur. Where required, transfers are covered by GDPR Chapter V safeguards (for example adequacy and/or SCCs) |
Updates to this list follow the change rules in Privacy Policy Section 8.4.
Some vendors may appear both here and on the Sub-Processors list where they are used in separate role contexts.
Last updated: February 17, 2026