When we provide our services, some personal data is processed by third-party service providers ("sub-processors"). For transparency, we describe the categories of sub-processors we rely on below. The full list of named sub-processors — including the specific entities and their locations — is available to active clients on request under our Data Processing Agreement (DPA). We engage all sub-processors under agreements that require appropriate data protection safeguards.
Categories of sub-processors
We group the third parties that may process personal data on our behalf into the following categories. We disclose categories rather than named vendors here; active clients can request the full named list (see below).
| Category | Purpose | Typical data location |
|---|---|---|
| Infrastructure & hosting | Hosting our website, application, and background services | EU / USA |
| Database & analytics storage | Storing transactional and analytical data | EU |
| Authentication | Account sign-in and user management | EU / USA |
| Email & notifications | Transactional and service email delivery | EU / USA |
| AI processing | AI-assisted analysis and reporting | EU / USA |
| Ad & ecommerce platform connectors | Reading advertising and sales performance data via official platform APIs | EU / USA |
| Analytics & monitoring | Website analytics, error tracking, and application logging | EU / USA |
| Payments | Processing payments and billing | EU / USA |
| CRM & business operations | Managing client relationships and internal operations | EU / USA |
How we protect your data
We engage sub-processors under data processing agreements that require appropriate technical and organizational safeguards. Where data is transferred internationally, we rely on appropriate mechanisms such as standard contractual clauses (SCCs) or adequacy decisions.
AI providers we use do not train on data we send to their APIs, and we use enterprise-grade APIs with zero data-retention terms where available. Connected platform data is stored in our EU-based analytical and transactional databases, and transfers to or from platform APIs use HTTPS.
Requesting the full list
Active clients with an executed Data Processing Agreement can request the complete list of named sub-processors, including the specific entities, their processing purposes, and data locations. Contact us to request it.
Changes to this list
We update the categories and the underlying sub-processors as our infrastructure evolves. For material changes affecting active clients, we provide 30 days advance notice via email, as set out in the relevant Data Processing Agreement.
If you have concerns about how your data is processed, please contact us. Active clients with executed agreements have specific rights regarding sub-processor changes set out in those agreements.
Questions about this policy?
Email us at support@adsrunner.com and we'll respond within one business day.