Praxora — Sub-processors
Last updated: 2026-04-29
This page lists the third-party service providers ("sub-processors") that Praxora (RODEAPPS SRL, Romania) engages to help operate the Praxora Ads service. Each sub-processor is bound by a data processing agreement (DPA) with us, and by the EU Standard Contractual Clauses (SCCs) where applicable.
We will give merchants advance notice of any new sub-processor by updating this page and (for material changes) sending an email or in-app notice. If a merchant objects to a new sub-processor, the only available remedy is termination of the subscription.
Current sub-processors
| Sub-processor | Purpose | Data location | Personal data processed | Transfer mechanism |
|---|---|---|---|---|
| Amazon Web Services (AWS), EMEA | Application hosting (EC2, S3, RDS) | Frankfurt, eu-central-1 (EU) | All Merchant Data: Shopify-pulled metrics, ad-platform metrics, audit logs, encrypted OAuth tokens, Content Studio uploaded assets | Intra-EU; no transfer |
| Cloudflare, Inc. | CDN, DNS, TLS termination, Email Routing for praxora.io, cookieless web analytics, Pages hosting (marketing site), Tunnel for the App | Global edge (varies by request); Email Routing in US | IP addresses, request metadata, marketing-site analytics, inbound email transit | EU SCCs (Module 3 / 4 as applicable) + supplementary measures |
| Large-language-model API provider (current vendor disclosed on request) | API for AI insights, daily-briefing generation, and (Pro tier) creative-text reformatting | United States | Aggregated, merchant-level ad performance data sent in API prompts; never individual customer-identifying Shopify data | EU SCCs (Module 2) + contractual no-training, no-retention agreement |
| Resend (Resend, Inc.) | Transactional email delivery (waitlist, daily briefing, system alerts, support replies) | EU and US (per region) | Recipient email addresses, message bodies | EU SCCs (Module 2) |
| Shopify Inc. | Shopify App Store distribution, billing API, embedded-app authentication, mandatory data-deletion webhooks | Global (Shopify-managed) | Shop owner identity, store metadata, billing status | Governed by the Shopify Partner Program Agreement and Shopify's own DPA |
| Meta Platforms, Inc. | Connection to merchant's Meta Marketing API for ad-performance data and (Pro tier) campaign publishing | Global (Meta-managed) | Authorized API calls to merchant's Meta ad account; we do not store Meta user data beyond OAuth tokens | API integration on merchant's behalf; merchant accepts Meta's terms when authorizing |
| TikTok ByteDance | Connection to merchant's TikTok Marketing API (when TikTok integration is live) | Global (TikTok-managed) | Authorized API calls to merchant's TikTok ad account | API integration on merchant's behalf; merchant accepts TikTok's terms when authorizing |
What "personal data" means here
For most merchants, the personal data we process is limited to:
- The shop owner's email address and contact details (for delivery of the daily briefing and support)
- Aggregate, account-level ad-performance metrics that do not identify individual end-customers
- Encrypted OAuth tokens scoped to the merchant's connected ad accounts
- (Pro tier) creative assets the merchant chooses to upload
We do not pull or store individual customer-identifying Shopify data (e.g., Shopify customer email addresses, phone numbers, addresses) on our infrastructure beyond what's strictly needed to compute merchant-level summary metrics. Mandatory Shopify customer-data webhooks are honored within the timelines required by Shopify.
Notification of new sub-processors
When we add a new sub-processor that processes Merchant Data, we will:
- Update this page at least 30 days before the change takes effect (where the new sub-processor processes substantive personal data)
- Send an email to the primary contact on each active subscription
- Provide a 30-day window for objection. If you object, the only available remedy is termination of your subscription.
Contact
Questions about sub-processors: privacy@praxora.io.