SellerLegend Sub-Processor List

Last updated: September, 2025

SellerLegend Limited ("SellerLegend") uses carefully selected third-party service providers ("Sub-Processors") to support delivery of our SaaS platform. Each Sub-Processor is bound by written terms and must implement appropriate technical and organisational measures. Customers will be notified in advance of material changes to this list. Contact: support@sellerlegend.com.

1) Infrastructure, Hosting & Core Platform

Sub-Processor Purpose / Services Used Location Safeguards
Amazon Web Services (AWS) Cloud infrastructure incl. EC2, RDS, S3, Lightsail, VPC, SQS, SNS, ElastiCache, EFS, Route 53, Glue, Location Service, CloudWatch, KMS, Secrets Manager, GuardDuty, CloudTrail Primary: USA (Oregon). Secondary/backup: EU (Ireland). DPF Certified; SCCs; ISO 27001; SOC 2

2) Security, Performance & Content Delivery

Sub-Processor Purpose Location Safeguards
Cloudflare CDN, DDoS protection, edge security & caching Global (incl. USA/EU) DPF Certified; SCCs
Trend Micro – Trend Cloud One Threat detection, IPS/IDS, workload security Global (EU/US data centres) SCCs; ISO 27001

(AWS KMS, Secrets Manager, GuardDuty, CloudTrail are listed under AWS above to avoid duplication.)

3) Payment & Tax Processing

Sub-Processor Purpose Location Safeguards
Stripe Subscription billing & payment processing USA DPF Certified; PCI-DSS
Quaderno VAT invoicing & MOSS reporting EU (Spain/Netherlands) GDPR compliant; SCCs as applicable

4) Customer Communication & Support

Sub-Processor Purpose Location Safeguards
Intercom Customer support/helpdesk USA DPF Certified; SCCs

5) Analytics, Marketing & Advertising

Sub-Processor Purpose Location Safeguards
Google Analytics Web/app analytics USA/EU DPF Certified; SCCs
Google Tag Manager Tag management USA/EU DPF Certified; SCCs
Meta (Facebook) Pixel & Conversions API Ad attribution & retargeting USA DPF Certified; SCCs
X (Twitter) Ads Conversion Tracking Ad attribution USA SCCs
LinkedIn Insight Tag Ad attribution & insights USA DPF Certified; SCCs

6) Application Monitoring & Error Reporting

Sub-Processor Purpose Location Safeguards
Bugsnag (SmartBear) Error monitoring & debugging USA/EU/UK SCCs
AWS CloudWatch Application/infrastructure monitoring USA/EU Covered under AWS entry

7) Internal Business, Email & Collaboration

Sub-Processor Purpose Location Safeguards
Google Workspace Email, storage, docs USA/EU DPF Certified; SCCs
Microsoft Teams (Microsoft 365) Internal messaging & collaboration Global (USA/EU) DPF Certified; SCCs
Slack (Salesforce) Internal team messaging USA/EU DPF Certified; SCCs

8) Development & Testing / Front-End Assets

Sub-Processor Purpose Location Safeguards
GitHub (Microsoft) Code repository & CI/CD USA/EU DPF Certified; SCCs
Postman API development & testing USA SCCs
Font Awesome (CDN) UI icon assets USA SCCs
datatables.net CDN Front-end table library delivery Global SCCs

9) Email & Forms

Sub-Processor Purpose Location Safeguards
Mailchimp Email campaigns & mailing lists USA DPF Certified; SCCs
Mandrill / Mailchimp Transactional Transactional email USA DPF/SCCs
Paperform Web form submissions USA SCCs

10) Accounting & Professional Services

Sub-Processor Purpose Location Safeguards
Enterprise Accounts Bookkeeping/accounting UK UK GDPR
Grineaux Accountants EC Sales Lists / accountancy UK UK GDPR

11) Development Partner

Sub-Processor Purpose Location Safeguards
Histone Web Solutions Application development & helpdesk support (restricted access) Pakistan SCCs + UK Addendum; access controls; least-privilege

Notes

  • Some providers (e.g., AWS, Stripe, Google) are certified under the EU-US Data Privacy Framework and UK Extension.
  • For non-DPF providers (e.g., Histone in Pakistan), we rely on Standard Contractual Clauses (2021 SCCs + UK Addendum).
  • We regularly review our Sub-Processors to ensure continued compliance.

Questions?

If you have any concerns about SellerLegend's use of Sub-Processors, please contact us at:
support@sellerlegend.com