Legal
Sub-processors
Last updated: May 20, 2026
Quoining (operated by Bolt Systems, LLC) uses a limited set of third-party sub-processors to deliver the Service. A sub-processor is a third party that we engage to process customer data on behalf of our customers. Each sub-processor is bound by contract to data-protection terms substantially aligned with our Data Processing Agreement.
The Service is currently offered only in the United States. Our core application hosting and the customer database are in AWS us-east-1 in the United States. Some optional, customer-enabled sub-processors listed below process limited data outside the United States (Shopify in Canada, Moralis in the European Union, Better Stack in the European Union / United States); those processors only receive data after the customer enables them and can be disabled at any time from Settings.
Core infrastructure (always active)
| Sub-processor | Purpose | Location | Data types |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting (ECS Fargate), database (RDS PostgreSQL), cache (ElastiCache Redis), file storage (S3), transactional email (SES), secrets (Secrets Manager), monitoring (CloudWatch, GuardDuty) | United States (us-east-1) | All customer data at rest and in transit |
Payments
| Sub-processor | Purpose | Location | Data types |
|---|---|---|---|
| Stripe, Inc. | Subscription billing, payment processing, invoicing | United States | Billing contact, payment method tokens, invoice metadata |
Identity providers (used only when the user chooses)
| Sub-processor | Purpose | Location | Data types |
|---|---|---|---|
| Google LLC (OAuth) | Sign in with Google (only when the user chooses this method) | United States | Profile email, name, ID token |
| Microsoft Corporation (Entra ID) | Sign in with Microsoft (only when the user chooses this method) | United States | Profile email, name, ID token |
Product integrations (opt-in per customer)
| Sub-processor | Purpose | Location | Data types |
|---|---|---|---|
| Plaid, Inc. | Bank account linking and transaction import (opt-in per customer) | United States | Bank account identifiers, transaction history, balances |
| Anthropic, PBC | AI features (transaction categorization, AI Accountant, PDF statement parsing, footnote drafting). Anthropic does not train its models on customer data submitted through its commercial API. | United States | Prompts, chart-of-account names, transaction descriptions, document snippets |
| Gusto, Inc. | Payroll sync (opt-in) | United States | Payroll run summaries, employee wage breakdowns |
| Ramp Business Corporation | Corporate card and expense import (opt-in) | United States | Transaction metadata, merchant and category data |
| Bill.com, LLC | Accounts payable sync (opt-in) | United States | Vendor records, bill and payment metadata |
| Avalara, Inc. | Sales tax automation (opt-in) | United States | Invoice line items, addresses, tax jurisdiction data |
| Shopify Inc. | E-commerce order, payout, and product sync (opt-in) | Canada | Payout summaries, order, product, and inventory metadata |
| Block, Inc. (Square) | POS payment sync (opt-in) | United States | Payment and refund metadata |
| Moralis | Blockchain wallet scanning for crypto accounting (opt-in) | European Union | Wallet addresses, on-chain transaction data (public blockchain) |
Observability & analytics
| Sub-processor | Purpose | Location | Data types |
|---|---|---|---|
| Sentry (Functional Software, Inc.) | Application error tracking and performance monitoring. Session replay is captured around error events; in addition, when an authorized Quoining administrator is impersonating a customer account for support or audit purposes, the full session is recorded for the duration of that impersonation. In all cases, text inputs and media are masked by default. | United States | Error stack traces, request metadata, masked session replays, user ID when signed in |
| Better Stack | Public status page at status.quoining.com and synthetic uptime monitoring | European Union / United States | HTTP probe results (no customer data) |
| PostHog, Inc. | Product analytics, loaded only after analytics-cookie consent | United States (us.i.posthog.com) | Pseudonymous event data, feature-flag decisions |
| Google LLC (Google Analytics 4) | Aggregate marketing-site analytics, loaded only after analytics-cookie consent | United States | Pseudonymous pageview data with IP truncation enabled, UTM parameters |
Notice of new sub-processors
We will notify customers of material changes to this list (new sub-processors, material scope changes) by updating this page and emailing the account admin at least 30 days before the change takes effect, except where shorter notice is required by law or by a business-continuity event. Customers may object to the addition of a sub-processor by contacting privacy@quoining.com before the effective date.