Last Updated: January 2026
This page lists the authorized sub-processors that DataForB2B engages to process customer data in connection with providing our Services. We carefully select and vet all sub-processors to ensure they meet our security and privacy standards.
Change Notifications
We will provide at least 14 days' notice before adding new sub-processors or making material changes to existing ones. You may object to a new sub-processor within 7 days of notice as described in our Data Processing Agreement.
Service Provided: Infrastructure and hosting services
Data Processed: Customer data, API requests, application data
Location: Germany (EU)
Website: netcup.com
Purpose: Cloud infrastructure and server hosting for the DataForB2B platform
Service Provided: Content delivery network (CDN) and security services
Data Processed: Website traffic data, IP addresses, request logs
Location: United States (with global CDN network)
Website: cloudflare.com
Purpose: CDN, DDoS protection, web application firewall, and performance optimization
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)
Service Provided: Object storage (S3-compatible)
Data Processed: Files, backups, and static assets
Location: United States (with global distribution)
Website: cloudflare.com/r2
Purpose: Storage for data backups, file storage, and content distribution
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)
Service Provided: Authentication services (OAuth/Sign-in with Google)
Data Processed: Email addresses, names, profile information for authentication
Location: United States (with global presence)
Website: google.com
Purpose: User authentication and account sign-up/sign-in functionality
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)
Service Provided: Database services (MongoDB Atlas)
Data Processed: Customer data, business contact information, API data, user account information
Location: Configurable (we use EU regions)
Website: mongodb.com
Purpose: Primary database for storing application data, user accounts, and business information
Data Transfer Mechanism: Data stored in EU regions, Standard Contractual Clauses (SCCs) for any transfers
Service Provided: Website analytics and usage tracking
Data Processed: Website visitor data, page views, user interactions, anonymized IP addresses
Location: United States (with global processing)
Website: analytics.google.com
Purpose: Website analytics, performance monitoring, and understanding user behavior
Data Transfer Mechanism: Standard Contractual Clauses (SCCs), IP anonymization enabled
Note: Users can opt-out of Google Analytics tracking through their browser settings or cookie preferences.
All sub-processors are required to:
Where sub-processors are located outside the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards are in place:
We will update this page when we add new sub-processors or make material changes to existing ones. Customers will be notified via email at least 14 calendar days before any changes take effect.
If you object to a new sub-processor, please notify us in writing within 7 days of receiving notice by emailing dpo@dataforb2b.ai
If you have questions about our sub-processors or data processing practices, please contact us:
Last updated: January 2026
This page is maintained in accordance with our Data Processing Agreement and Privacy Policy.