SUBPROCESSORS
operational
legal

SUBPROCESSORS

Current subprocessors and processing safeguards.

Subprocessors Last Updated: [Date]

PodProfits uses third-party subprocessors to provide the profit monitoring and order management service. A subprocessor is a third-party processor that may handle personal data on your behalf as part of delivering the service.

1. Current Subprocessors

  • Cloudflare, Inc.: hosting, Workers compute, and D1 database infrastructure. Data processed includes order details, customer names and addresses, profit calculations, and analytics. D1 database processing is restricted to the EU jurisdiction where configured. Safeguards include SCCs and a DPA.
  • Etsy, Inc.: read-only source of shop, listing, order, and transaction data.
  • Printful, Inc.: read-only source of fulfillment data.
  • Printify, Inc.: read-only source of fulfillment data.

2. Cloudflare Details

Cloudflare, Inc. is a US-based company operating a global network. It provides hosting for Workers and D1.

Safeguards include

  • Standard Contractual Clauses.
  • A GDPR-compliant Data Processing Agreement.
  • EU-restricted D1 database placement where configured.
  • Security certifications such as SOC 2 Type II, ISO 27001, ISO 27701, and PCI DSS Level 1.

3. Etsy Details

Etsy is the source of your shop and order data. PodProfits reads this data through Etsy's official API.

Etsy is an independent Data Controller for the data you and your customers provide to Etsy. PodProfits acts as a service provider to you, the seller, under Etsy API Section 4.

4. Printful Details

Printful is the source of fulfillment data. PodProfits reads this data through Printful's official API.

Printful is an independent Data Controller. PodProfits acts as a service provider to you.

5. Printify Details

Printify is the source of fulfillment data. PodProfits reads this data through Printify's official API.

Printify is an independent Data Controller. PodProfits acts as a service provider to you.

6. Changes to Subprocessors

We may add or replace subprocessors when needed to provide or improve PodProfits.

When we add a new subprocessor

  • We update this page at least 30 days in advance.
  • We notify you by email using your registered address.
  • You may object by deleting your account before the change takes effect.

We will not add a subprocessor that

  • Processes your data for its own purposes.
  • Lacks adequate data protection safeguards unless SCCs or an equivalent mechanism are in place.
  • Refuses to sign a GDPR-compliant DPA with us.

7. Due Diligence

Before engaging a subprocessor, PodProfits:

  • Reviews the subprocessor's security and privacy practices.
  • Signs a Data Processing Agreement that meets GDPR Article 28 requirements.
  • Confirms adequate safeguards for international data transfers.
  • Reviews the subprocessor's own subprocessor list and security certifications where applicable.

8. Questions

Contact privacy@podprofits.app with questions about subprocessors.