SellerLegend Sub-Processor List
Last updated: September, 2025
SellerLegend Limited ("SellerLegend") uses carefully selected third-party service providers ("Sub-Processors") to support delivery of our SaaS platform. Each Sub-Processor is bound by written terms and must implement appropriate technical and organisational measures. Customers will be notified in advance of material changes to this list. Contact: support@sellerlegend.com.
1) Infrastructure, Hosting & Core Platform
| Sub-Processor | Purpose / Services Used | Location | Safeguards |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure incl. EC2, RDS, S3, Lightsail, VPC, SQS, SNS, ElastiCache, EFS, Route 53, Glue, Location Service, CloudWatch, KMS, Secrets Manager, GuardDuty, CloudTrail | Primary: USA (Oregon). Secondary/backup: EU (Ireland). | DPF Certified; SCCs; ISO 27001; SOC 2 |
2) Security, Performance & Content Delivery
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Cloudflare | CDN, DDoS protection, edge security & caching | Global (incl. USA/EU) | DPF Certified; SCCs |
| Trend Micro – Trend Cloud One | Threat detection, IPS/IDS, workload security | Global (EU/US data centres) | SCCs; ISO 27001 |
(AWS KMS, Secrets Manager, GuardDuty, CloudTrail are listed under AWS above to avoid duplication.)
3) Payment & Tax Processing
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe | Subscription billing & payment processing | USA | DPF Certified; PCI-DSS |
| Quaderno | VAT invoicing & MOSS reporting | EU (Spain/Netherlands) | GDPR compliant; SCCs as applicable |
4) Customer Communication & Support
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Intercom | Customer support/helpdesk | USA | DPF Certified; SCCs |
5) Analytics, Marketing & Advertising
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Analytics | Web/app analytics | USA/EU | DPF Certified; SCCs |
| Google Tag Manager | Tag management | USA/EU | DPF Certified; SCCs |
| Meta (Facebook) Pixel & Conversions API | Ad attribution & retargeting | USA | DPF Certified; SCCs |
| X (Twitter) Ads Conversion Tracking | Ad attribution | USA | SCCs |
| LinkedIn Insight Tag | Ad attribution & insights | USA | DPF Certified; SCCs |
6) Application Monitoring & Error Reporting
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Bugsnag (SmartBear) | Error monitoring & debugging | USA/EU/UK | SCCs |
| AWS CloudWatch | Application/infrastructure monitoring | USA/EU | Covered under AWS entry |
7) Internal Business, Email & Collaboration
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Workspace | Email, storage, docs | USA/EU | DPF Certified; SCCs |
| Microsoft Teams (Microsoft 365) | Internal messaging & collaboration | Global (USA/EU) | DPF Certified; SCCs |
| Slack (Salesforce) | Internal team messaging | USA/EU | DPF Certified; SCCs |
8) Development & Testing / Front-End Assets
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| GitHub (Microsoft) | Code repository & CI/CD | USA/EU | DPF Certified; SCCs |
| Postman | API development & testing | USA | SCCs |
| Font Awesome (CDN) | UI icon assets | USA | SCCs |
| datatables.net CDN | Front-end table library delivery | Global | SCCs |
9) Email & Forms
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Mailchimp | Email campaigns & mailing lists | USA | DPF Certified; SCCs |
| Mandrill / Mailchimp Transactional | Transactional email | USA | DPF/SCCs |
| Paperform | Web form submissions | USA | SCCs |
10) Accounting & Professional Services
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Enterprise Accounts | Bookkeeping/accounting | UK | UK GDPR |
| Grineaux Accountants | EC Sales Lists / accountancy | UK | UK GDPR |
11) Development Partner
| Sub-Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Histone Web Solutions | Application development & helpdesk support (restricted access) | Pakistan | SCCs + UK Addendum; access controls; least-privilege |
Notes
- Some providers (e.g., AWS, Stripe, Google) are certified under the EU-US Data Privacy Framework and UK Extension.
- For non-DPF providers (e.g., Histone in Pakistan), we rely on Standard Contractual Clauses (2021 SCCs + UK Addendum).
- We regularly review our Sub-Processors to ensure continued compliance.
Questions?
If you have any concerns about SellerLegend's use of Sub-Processors, please contact us at:
support@sellerlegend.com