Sub-Processors


Sub-Processors

Effective Date: January 1, 2026 | Last Revised: May 12, 2026 | Version 1.1

Save Policy PDF

Overview
Infrastructure & Hosting
Payment Processing
Communications & Support
Analytics & Monitoring
Security & Compliance
Fulfillment & Logistics
About this Sub-Processors. This Policy covers the rules, obligations, and rights that apply to this policy on the Upmos marketplace. Read the full text below; by using our Services you agree to comply with it.

In Plain English (Non-Binding Summary)

1. Overview. Upmos uses carefully selected third-party service providers (“sub-processors”) to deliver our marketplace platform and related services. Each sub-processor has been evaluated for their data protection practices, security

This plain-language box is provided for accessibility and readability only. It is not a substitute for the full Policy below, which controls in case of any conflict.

Print, Export & Relevant Links

Print This PolicyExport as PDFTerms of UsePrivacy Policy

Table of Contents

  1. 1. Overview
  2. 2. Infrastructure & Hosting
  3. 3. Payment Processing
  4. 4. Communications & Support
  5. 5. Analytics & Monitoring
  6. 6. Security & Compliance
  7. 7. Fulfillment & Logistics (GoCargo)
  8. 8. Changes to This List
  9. 9. Contact Us
  10. How Can You Contact Us About This Policy?
  11. Version History

1. Overview

Upmos uses carefully selected third-party service providers (“sub-processors”) to deliver our marketplace platform and related services. Each sub-processor has been evaluated for their data protection practices, security certifications, and compliance with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), and other relevant frameworks.

All sub-processors are bound by contractual obligations that require them to:

  • Process personal data only on Upmos’s documented instructions
  • Implement appropriate technical and organizational security measures
  • Assist Upmos in fulfilling data subject rights requests
  • Delete or return personal data upon termination of services
  • Submit to audits and inspections as required

2. Infrastructure & Hosting

Sub-Processor Purpose Data Processed Location
Microsoft Azure Cloud hosting, compute, storage, and CDN All platform data including seller accounts, product listings, order data United States (South Central US)
Cloudflare DNS, DDoS protection, WAF, CDN IP addresses, HTTP request metadata, cached content Global (edge network)
Azure SQL Database Primary relational database Seller profiles, product data, order records, financial data United States
Azure Blob Storage File and media storage Product images, seller documents, compliance records United States

3. Payment Processing

Sub-Processor Purpose Data Processed Location
Stripe Payment processing, seller payouts Payment card details, bank account info, transaction data, KYC documents United States
PayPal Alternative payment method Email addresses, transaction amounts, buyer/seller identifiers United States
Plaid Bank account verification Bank account numbers, routing numbers, account holder names United States
PCI-DSS Compliance: All payment sub-processors are PCI-DSS Level 1 certified. Upmos does not store, process, or transmit cardholder data directly — all payment processing is handled by our certified payment partners.

4. Communications & Support

Sub-Processor Purpose Data Processed Location
SendGrid (Twilio) Transactional email delivery Email addresses, email content, delivery metadata United States
Twilio SMS notifications & 2FA Phone numbers, SMS content, delivery status United States
Zendesk Customer and seller support ticketing Names, email addresses, support ticket content United States

5. Analytics & Monitoring

Sub-Processor Purpose Data Processed Location
Google Analytics Website analytics & traffic analysis Anonymized IP addresses, page views, session data, device information United States
Azure Application Insights Application performance monitoring Error logs, performance telemetry, anonymized usage data United States
Hotjar UX heatmaps & session recordings Anonymized click/scroll behavior, device type (PII excluded) EU (Malta)

6. Security & Compliance

Sub-Processor Purpose Data Processed Location
DocuSign Electronic signature for agreements Names, email addresses, IP addresses, signed documents United States
Persona Identity verification (KYC/AML) Government-issued IDs, selfie photos, verification results United States
Microsoft Entra ID Identity & access management User credentials, authentication tokens, access logs United States

7. Fulfillment & Logistics (GoCargo)

Sub-Processor Purpose Data Processed Location
UPS Package shipping & tracking Recipient names, shipping addresses, package dimensions/weight, tracking numbers United States & International
USPS Package shipping & tracking Recipient names, shipping addresses, tracking numbers United States
FedEx Package shipping & tracking Recipient names, shipping addresses, package details, tracking numbers United States & International
ShipStation Shipping label generation & order management Order details, shipping addresses, carrier selection United States

8. Changes to This List

Upmos may update this sub-processor list from time to time as we add, remove, or replace service providers. In accordance with our Data Processing Agreement:

  • We will provide 30 days’ prior written notice before engaging a new sub-processor that processes personal data
  • Sellers who have entered into a DPA with Upmos may object to a new sub-processor within 14 days of receiving notice
  • If a reasonable objection cannot be resolved, sellers may terminate the affected services without penalty
  • This page will be updated to reflect all current sub-processors
Subscribe to Updates: To receive email notifications when this sub-processor list is updated, contact privacy@upmos.com with the subject line “Sub-Processor Updates.”

9. Contact Us

If you have questions about our sub-processors or data processing practices, please contact:

Privacy Team
privacy@upmos.com
Legal Team
legal@upmos.com
Data Protection Officer
dpo@upmos.com

Mailing Address

Upmos Inc.
9896 Bissonnet St
Houston, TX 77036
United States

How Can You Contact Us About This Policy?

If you have any further questions or comments or wish to report any problematic Content or Contribution, you may contact us by:

General Contact

Department Directory

Department Email Purpose
General Support support@upmos.com Account help, general inquiries
Legal legal@upmos.com Legal questions, appeals, terms inquiries
DMCA / Copyright dmca@upmos.com Copyright infringement notices & counter-notices
Privacy privacy@upmos.com Data requests, CCPA/GDPR inquiries
Fraud fraud@upmos.com Report fraudulent activity (24/7)
Security security@upmos.com Vulnerability reports, bug bounty
Disputes disputes@upmos.com Transaction & seller disputes
Refunds refunds@upmos.com Refund requests & status
Accessibility accessibility@upmos.com Accessibility issues & feedback

Mailing Address

Upmos Inc.
9896 Bissonnet St
Houston, TX 77036
United States

Version History

Material revisions to this Policy are tracked below. Minor typographical fixes are not separately enumerated.

Version Date Changes
v1.1 May 12, 2026 Restored chip navigation and the “In Plain English” non-binding summary box; rebuilt the jump-bar into three categorized columns (Overview / Coverage & Rules / Resolution & Help) and removed its sticky positioning; readability hardening for both light and dark mode so that strong/emphasis text, table cells, and contact-section labels remain legible regardless of the active theme.
v1.0 May 11, 2026 Initial publication under the Upmos Gold Standard policy format with full accessibility chrome, JSON-LD schema, dark mode, reading progress bar, two-column TOC, jump-bar, and Department Directory contact table.

HomeMenuWishlistCompareTo Top