Last Updated: 8 May 2026
This page lists the third-party sub-processors that Automated Commerce B.V. uses to deliver the Service. Sub-processors act on our instructions and are bound by data-protection obligations consistent with the GDPR and our Privacy Policy.
We notify Customers of new sub-processors (or replacements) at least 30 days in advance through this page and through in-Service notice or email. If you have signed our Data Processing Agreement, you have the right to object to a new sub-processor on data-protection grounds, as set out in the DPA.
Where a sub-processor is established outside the European Economic Area (EEA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by appropriate technical and organisational safeguards. Transfer Impact Assessments are available on request.
| Sub-processor | Purpose | Region | Data categories |
|---|---|---|---|
| Cloudflare, Inc. (US, EU subsidiary) | Workers (compute), R2 object storage, Queues, Hyperdrive, KV | Globally distributed edge; EU edges available | Customer Content in transit and at rest; service-usage logs |
| Neon Inc. (managed PostgreSQL on AWS) | Primary application database | AWS eu-central-1 (Frankfurt, Germany) | Account data, billing records, Customer Content, audit logs |
| ClickHouse, Inc. (ClickHouse Cloud on AWS) | Analytics warehouse for order, channel, and campaign metrics | AWS eu-central-1 (Frankfurt, Germany) | Aggregated order metrics, channel performance data |
| Vercel Inc. | Frontend hosting (Next.js apps), edge functions | Global edge network with EU regions | Service usage logs, request data |
Some AI providers may, under their default terms, retain or use the data we send them — including Customer Content — for the improvement and training of their own models. Where a provider offers a no-training option we use it where commercially reasonable. See Section 5 of our Privacy Policy for detail.
| Sub-processor | Purpose | Region | Data categories |
|---|---|---|---|
| FAL AI | Image-related AI generation (e.g. studio shots, edits) | Outside EEA — SCCs in place | Image URLs and prompts derived from Customer Content |
| OpenRouter, Inc. | Text-generation routing across underlying language models | Outside EEA — SCCs in place | Product titles, descriptions, prompt context |
| PhotoRoom | Studio-shot image generation and background removal | Outside EEA — SCCs in place | Image URLs derived from Customer Content |
| Tripo AI | 3D model generation | Outside EEA — SCCs in place | Image URLs and prompts derived from Customer Content |
| Sub-processor | Purpose | Region | Data categories |
|---|---|---|---|
| Mollie B.V. | Subscription payment processing | Netherlands (EEA) | Billing data, payment metadata (no full card numbers) |
| Moneybird B.V. | Accounting and invoicing | Netherlands (EEA) | Account and contact data, invoice records |
| Trigger.dev | Background-job orchestration | EEA-aligned cloud regions | Customer Content during job execution; job metadata |
| Resend Inc. | Transactional and notification email delivery | Outside EEA — SCCs in place | Email addresses, message content for service emails |
| Twenty (Twenty CRM) | Customer relationship management — sales pipeline, lead and account tracking, customer-success operations | Self-hosted on EEA infrastructure | Account contact data, sales prospect data, customer-success interaction notes |
| Apify Technologies s.r.o. | Public-web data extraction in import flows | EEA | Public-web URLs supplied by Customer; extracted public data |
| Sanity.io | Content management for the marketing site | EEA / US — SCCs where applicable | Marketing-site content (no Customer Content) |
| Umami Software, Inc. (self-hosted) | Privacy-friendly page-view analytics for the platform | Self-hosted on Cloudflare; EEA edge | Aggregated page-view data; no individual identifiers |
| Vercel Web Analytics | Cookieless marketing-site analytics | Global edge network with EU regions | Aggregated request data; no cookies, no cross-site identifiers |
When a Customer connects a third-party platform to the Service (Shopify, Google Ads, Meta, Pinterest, marketplaces, and similar), those platforms remain independent controllers in respect of any data they collect on their own account. They are not our sub-processors. Customer's use of those platforms is governed by the respective platforms' terms.
Questions about this list, or requests for our DPA, Transfer Impact Assessments, or further information can be sent to business@automatedcommerce.ai.
Recevez les dernières analyses de l'industrie de l'IA et les mises à jour sur les nouvelles fonctionnalités de la plateforme