Sub-processors
PricePress engages a small number of trusted third-party providers (“Sub-processors”) to operate its platform. Each is bound by a Data Processing Agreement and meets PricePress’s vendor security standards.
Last Updated: April 30, 2026
Subscribe to changes
Get notified when PricePress adds or replaces a Sub-processor:
- Email: Send an email to legal@thepricepress.com with subject “Subscribe — Sub-processor Updates”.
- In-app: Customers receive an in-app notice when a material change is made.
We provide at least thirty (30) days’ notice of additions or replacements that handle personal data, except in emergency circumstances. Customers may object in writing during the notice period for legitimate data-protection reasons.
Infrastructure and platform
| Provider | Function | Region | Certifications |
|---|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | United States | SOC 2 Type II, ISO 27001 |
| Vercel Inc. | Application hosting, serverless functions, web analytics | United States, Global edge | SOC 2 Type II, ISO 27001 |
| Upstash, Inc. | Redis cache, message queues | United States | SOC 2 Type II |
Supabase, Inc.
Database, authentication, file storage
Vercel Inc.
Application hosting, serverless functions, web analytics
Upstash, Inc.
Redis cache, message queues
Payment processing
| Provider | Function | Region | Certifications |
|---|---|---|---|
| Paddle (Paddle.com Market Limited) | Merchant of Record: payment processing, tax remittance, invoicing, customer portal | UK / multi-region (varies by customer location) | PCI DSS (SAQ A), SOC 2 Type II |
Paddle (Paddle.com Market Limited)
Merchant of Record: payment processing, tax remittance, invoicing, customer portal
AI and data enrichment
| Provider | Function | Region | Certifications |
|---|---|---|---|
| OpenAI, OpCo LLC | AI inference for product description standardisation, relevance filtering, semantic search. Anonymised product descriptions only. | United States | SOC 2 Type II |
OpenAI, OpCo LLC
AI inference for product description standardisation, relevance filtering, semantic search. Anonymised product descriptions only.
External retail data sources
For pricing lookups, the Service queries external retail data providers. These providers are not sub-processors of personal data — only anonymised product queries (item description, brand, model, and for grocery items a ZIP code) are transmitted. No personal, claim, or policyholder data ever reaches these providers.
The specific list of retail data providers is disclosed under confidentiality in our Data Processing Addendum, available to customers on request to legal@thepricepress.com. All providers are commercial APIs operating under their own published terms of service.
Vendor selection standards
When evaluating a new Sub-processor, PricePress considers:
- Public security certifications (SOC 2 Type II, ISO 27001, equivalent)
- Availability of a Data Processing Agreement aligned with DPJL/GDPR Article 28 requirements
- Data residency and cross-border transfer mechanisms (Standard Contractual Clauses where applicable)
- Incident notification timelines and processes (target: 72 hours or less)
- Necessity to the platform’s function (data minimisation principle)
- Operational reliability (status page transparency, historical uptime)
A Sub-processor is added to PricePress’s environment only after the security and contractual requirements are met.
Customer inquiries
For questions about any Sub-processor on this list, including specific security questionnaires or due-diligence requests:
See also our Security & Trust page and Privacy Policy.