We use the following sub-processors to deliver the Deltapp service. Each is bound by a data processing agreement. We notify customers at least 14 days before adding a new sub-processor that materially affects personal data handling.
| Sub-processor | Purpose | Data category | Location |
|---|---|---|---|
| Clerk | Authentication and account management | Account credentials, sessions | US |
| Vercel | Application hosting (web frontend + serverless functions) | Requests, logs, metadata | EU (primary), US (CDN) |
| Oracle Cloud Infrastructure | Primary database hosting (Postgres) | Account data, listings, orders | UK |
| Trigger.dev | Scheduled job runner (price syncs, scheduled publishes) | Job metadata, user IDs | EU |
| Sentry | Error monitoring and performance tracing | Error stacks, request metadata, anonymous user IDs | EU |
| Resend | Transactional email delivery | Email addresses, message content | US |
| Decodo | Amazon price scraping fallback | ASINs (no personal data) | EU |
| eBay | Marketplace integration (listings, orders, messages) | Store-level data you connect via OAuth | Global |
| Amazon | Product source (read-only product data) | ASINs (no personal data) | Global |
Where data leaves the UK / EEA, transfers are protected by Standard Contractual Clauses, adequacy decisions, or the sub-processor's own approved transfer mechanism.