Consentmo uses the sub-processors listed below to provide its Services. A sub-processor is a third party that processes personal data of our merchants' store visitors and customers on Consentmo's behalf. Each sub-processor is bound by a written agreement imposing data protection obligations substantially the same as those in our Merchant DPA.

Service providers that process only Consentmo's own website or merchant account data (such as website analytics) are not sub-processors and are described in our Privacy Policy.

Sub-processor Entity country Function Personal data categories Location of processing Transfer mechanism
Amazon Web Services Luxembourg / United States Cloud infrastructure, hosting, storage, backups, or related infrastructure services, if used for the Services Consent records, Privacy Center request data, EU withdrawal request data, merchant store configuration, technical logs European Economic Area, where configured; limited support or transfer processing may occur outside the EEA EEA processing where data is stored in EEA regions; EU-U.S. Data Privacy Framework and/or SCCs under AWS DPA where applicable
Google Cloud Ireland / United States Cloud infrastructure, hosting, storage, analytics infrastructure, or related cloud services, if used for the Services Consent records, Privacy Center request data, EU withdrawal request data, merchant store configuration, technical logs European Economic Area, where configured; limited support or transfer processing may occur outside the EEA EEA processing where data is stored in EEA regions; EU-U.S. Data Privacy Framework and/or SCCs under Google Cloud Data Processing Addendum where applicable
DigitalOcean United States Cloud hosting and infrastructure services Consent records, Privacy Center request data, EU withdrawal request data, merchant store configuration, technical logs European Economic Area, currently Amsterdam, the Netherlands, EEA processing where data is stored in EEA regions; EU-U.S. Data Privacy Framework and/or SCCs under DigitalOcean DPA where applicable
Crisp France Customer support chat and support communications Merchant contact details, support messages, support attachments, and any merchant/customer personal data voluntarily included in support conversations European Union for core messaging data, with limited relay/log processing as described by Crisp EEA processing; appropriate safeguards under Crisp's DPA where applicable
Bunny CDN / bunny.net Slovenia Content delivery network for app assets, fonts, or similar resources Technical request data, such as IP address, user agent, URL/resource request, country code, and related CDN logs, where processed EEA or global CDN locations, depending on configuration EEA processing where configured; DPA/SCCs or other appropriate safeguards where processing occurs outside the EEA

Change notifications

To receive notices of intended additions or replacements of sub-processors, email privacy@consentmo.com with the subject “Sub-processor change notifications.” We will add your contact address to our notification list.

Questions

For questions about our sub-processors or data processing practices, contact privacy@consentmo.com.