The following entities are engaged as sub-processors by Adsup Pro LLC to provide the AdsUp.Pro Service. Customer authorizes these sub-processors per the Data Processing Addendum. We will provide at least 30 days' advance notice of new or replacement sub-processors via this page and, on request, by email subscription.
To subscribe to sub-processor change notifications, email privacy@adsup.pro with subject "Subscribe to sub-processor updates".
Hosting & Infrastructure
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| DigitalOcean | Virtual private server hosting | All Customer Personal Data and Customer Content | Frankfurt, Germany (EU) | Within EEA |
| Cloudflare, Inc. | Edge security, TLS termination, WAF, DDoS protection, geo-restriction | IP addresses, request metadata, traffic patterns | Global edge network | EU SCCs Module 2 |
| Coolify (self-hosted) | Container orchestration on AdsUp infrastructure | Operational metadata only | Frankfurt, Germany (EU) | Within EEA |
Payments
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| Stripe, Inc. | Payment processing, subscription billing, tax calculation, USDC settlement | Billing details, tokenized card data, transaction metadata, country, tax ID | United States (with global processing) | EU SCCs Module 2 + EU-U.S. Data Privacy Framework |
| Xendit | Local payment methods for Indonesia (QRIS, OVO, GoPay, DANA, virtual accounts) | Billing details, transaction metadata, IDR account references | Singapore / Indonesia | EU SCCs Module 2 (where applicable) |
AI Model Providers
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| OpenAI, L.L.C. | Large language model inference (chat, content generation) | User prompts, business context, content drafts. Tokens/passwords/payment data NEVER sent. | United States | EU SCCs Module 2; enterprise tier — no training on Customer inputs |
| Z.ai (Zhipu) | Large language model inference (extraction, classification) | User prompts, classification inputs | Singapore (international tier) | EU SCCs (where applicable); enterprise tier — no training on Customer inputs |
| Google (Gemini API) | Large language model inference (fallback) | User prompts, content drafts | United States / Europe | EU SCCs Module 2 |
Connected Platforms (act as independent controllers at your direction)
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| Meta Platforms, Inc. | Facebook, Instagram, WhatsApp Business, Messenger, Meta Ads | OAuth tokens, post content, ad configurations, audiences, messages | United States / Ireland | Per Meta's DPA |
| Google LLC (YouTube, Drive, Google Ads) | Video upload, file storage, search advertising | OAuth tokens, content, ad configurations | Global | Per Google's DPA |
| TikTok / ByteDance | TikTok Ads, content publishing | OAuth tokens, ad configurations, content | Singapore / Ireland / United States | Per TikTok's DPA |
| Notion Labs, Inc. | Optional knowledge-base sync | OAuth tokens, document content | United States | Per Notion's DPA |
Email Delivery
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| Transactional email provider | Service notifications, billing receipts, password resets | Email addresses, message content | United States / EU | EU SCCs Module 2 |
Compliance & Security (planned activation in Phase 1)
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| Sanctions.io | Sanctions / PEP screening | Name, business name, country, IP, email domain | United States / EU | EU SCCs Module 2 |
| IPQualityScore | VPN / proxy / fraud detection | IP addresses, fingerprints | United States | EU SCCs Module 2 |
Error Tracking & Monitoring
| Name | Function | Data Categories | Location | Transfer Mechanism |
|---|
| GlitchTip (self-hosted on AdsUp infrastructure) | Application error tracking | De-identified error reports — no tokens, no IPs, no emails | Frankfurt, Germany (EU) | Within EEA |
Internal Affiliates
We may share Customer Personal Data with affiliated entities of Adsup Pro LLC for the purposes of operating the Service. Currently we have no affiliated entities; this section will be updated if any are formed.
Right to Object
Customers subject to GDPR / UK GDPR / similar laws may object to a new sub-processor on reasonable data-protection grounds within 30 days of the change notification. See Section 6 of the DPA for procedure.