Legal
Sub-processors
Last updated: 19 May 2026
In accordance with Art. 28 GDPR, we inform our customers about all third parties (sub-processors) we engage to deliver our services and to whom we may transfer your users' personal data. We contractually ensure that all sub-processors maintain an equivalent level of data protection.
Infrastructure & Hosting
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, data storage, compute | EU (Frankfurt, eu-central-1) | All processed customer data | Standard Contractual Clauses (Art. 46 GDPR) | Link |
| Vercel Inc. | Edge hosting & CDN for the web frontend | EU / USA (SCCs) | IP addresses, page views, performance data | Standard Contractual Clauses (Art. 46 GDPR) | Link |
| Cloudflare Inc. | DDoS protection, DNS, TLS termination | EU / USA (SCCs) | IP addresses, HTTP metadata | Standard Contractual Clauses (Art. 46 GDPR) | Link |
Database & Storage
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| Supabase Inc. | Managed PostgreSQL database service | EU (Frankfurt) | Product and account data, user profile | Data Processing Agreement (Art. 28 GDPR) | Link |
Artificial Intelligence
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| OpenAI, L.L.C. | AI-powered product data enrichment (copy, attributes) | USA (SCCs) | Product titles, descriptions, attribute values | Standard Contractual Clauses (Art. 46 GDPR) | Link |
| Google LLC (Vertex AI) | Alternative AI models for image analysis & translation | EU / USA (SCCs) | Product images, product texts | Standard Contractual Clauses (Art. 46 GDPR) | Link |
| DeepL SE | Automatic translation of product texts | Germany (EU) | Product descriptions, attributes | Data Processing Agreement (Art. 28 GDPR) | Link |
Payment Processing
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| Stripe, Inc. | Credit card and SEPA payment processing | USA / EU (SCCs) | Billing address, payment method metadata | Standard Contractual Clauses (Art. 46 GDPR) | Link |
Email & Communication
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| Postmark (ActiveCampaign) | Transactional emails (confirmations, notifications) | USA (SCCs) | Email address, name, email content | Standard Contractual Clauses (Art. 46 GDPR) | Link |
| Loops.so Inc. | Lifecycle email marketing (onboarding, product updates) | USA (SCCs) | Email address, name, usage behaviour | Standard Contractual Clauses (Art. 46 GDPR) | Link |
Customer Support
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| Intercom, Inc. | In-app chat, Help Center, support ticketing | USA (SCCs) | Email address, name, chat messages, usage data | Standard Contractual Clauses (Art. 46 GDPR) | Link |
Analytics & Monitoring
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| PostHog Inc. | Product analytics, feature usage analysis | EU (Frankfurt, EU Cloud) | Pseudonymised user IDs, events, session data | Legitimate interest / consent (Art. 6 GDPR) | Link |
| Sentry (Functional Software, Inc.) | Error and performance monitoring | USA (SCCs) | Stack traces, user ID (pseudonymised), browser info | Legitimate interest (Art. 6(1)(f) GDPR) | Link |
Authentication
| Provider | Purpose | Location | Data categories | Legal basis | Privacy |
|---|---|---|---|---|---|
| Google LLC (OAuth) | Social login via Google account | USA (SCCs) | Email address, name, Google user ID | Consent (Art. 6(1)(a) GDPR) | Link |
Change notice
We reserve the right to update this list when sub-processors are added or removed. Material changes will be communicated to customers with an active Data Processing Agreement by email at least 30 days before they take effect.
Questions & objections
For questions about our sub-processors or if you wish to object to a change, please contact us at jakob@productbay.ai.