PriceMux Sub-processor List
Last Updated: 2026-05-19
Change-Notice Commitment
PriceMux will publish any intended addition or replacement of a sub-processor on this page at least 30 days before the new sub-processor begins processing merchant personal data, or such shorter period as is reasonable in light of the notice PriceMux itself receives from its upstream sub-processors (where a downstream provider gives us less than 30 days, we will pass through the longest window we can while staying inside our own objection deadline). Notice is sent by email to merchants on our change-notice list. To subscribe (or unsubscribe), email privacy@pricemux.com with “subscribe” (or “unsubscribe”) in the subject line; we add (or remove) the requesting address within five business days and confirm by reply. The 30-day period gives effect to SCC Clause 9, Option 2 (general written authorisation). If a merchant objects on reasonable data-protection grounds within the notice window and the parties cannot resolve the objection, the merchant may terminate the affected services without penalty for the unused portion of any prepaid term.
Current Sub-processors
| Name | Purpose | Data categories | Location | Transfer mechanism |
|---|---|---|---|---|
| Hostinger International Ltd (Lithuania HQ) | Primary VPS hosting: app, Postgres, Redis, worker | All categories in Privacy Policy §2 | Boston, Massachusetts, USA (subject to Mass. Gen. Laws ch. 93H breach-notification regime and 201 CMR 17.00 data-security standards) | EU SCCs Module 3 (Decision 2021/914); UK IDTA Addendum VERSION B1.0 |
| Cloudflare, Inc. (US HQ) | Tunnel + Access for app.pricemux.com, grafana.pricemux.com, marketing site | Network metadata in transit; no order data at rest | US-headquartered, global edge | EU SCCs Module 3 per Cloudflare Customer DPA; UK IDTA |
First-Party Infrastructure (NOT a sub-processor)
| Site | Role | Why disclosed |
|---|---|---|
| Xynik LLC retail premises, 5474 Lake Howell Rd, Winter Park, FL (Orlando metro), USA | Warm-standby Postgres + worker; holds Postgres backups | Operated by Xynik on owned hardware — not a third-party processor under GDPR Art. 28(2)/(4); disclosed for transparency. Physical security: locked premises, retail-hours staffed access, building alarm system. |
Excluded
Shopify is the originator of the data and is not a PriceMux sub-processor. The Merchant’s relationship with Shopify is governed by the Shopify DPA at shopify.com/legal/dpa.