Summary
Limoni Apps BV engages the following subprocessors to provide and support the Discount Ninja application. Each subprocessor processes personal data only as necessary to provide its services and under appropriate contractual safeguards.
Microsoft Azure
Field | Description |
Legal entity | Microsoft Corporation |
Category | Cloud infrastructure / hosting |
Purpose / nature of processing | Hosting of application services, databases, and configuration data |
Categories of personal data | Merchant admin data; anonymous device GUID |
Data subjects | Merchants |
Processing location(s) | United States (Azure US regions; exact region may change) |
Storage vs access | Persistent storage and compute |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); Microsoft Data Protection Addendum |
Retention context | Data retained in accordance with Limoni Apps BV retention policies as described in the RoPA |
Amazon Web Services (AWS) – Front Door Backup Only
Field | Description |
Legal entity | Amazon Web Services, Inc. |
Category | Failover routing / networking (backup only) |
Purpose / nature of processing | Backup routing and request handling when primary infrastructure is unavailable |
Categories of personal data | Merchant admin data (transient) |
Data subjects | Merchants Store Visitors / End customers |
Processing location(s) | United States |
Storage vs access | Transit only; no persistent storage |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); AWS Data Processing Addendum |
Retention context | No data retained beyond transient request handling |
Cloudflare
Field | Description |
Legal entity | Cloudflare, Inc. |
Category | Content delivery network (CDN) / DNS / security |
Purpose / nature of processing | Network delivery, performance optimization, and security protection |
Categories of personal data | Routing metadata; IP addresses; limited request identifiers |
Data subjects | Merchants Store Visitors / End customers |
Processing location(s) | Global (Cloudflare network) |
Storage vs access | Transit and short-term caching |
International transfers | Yes (global routing) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); Cloudflare Data Processing Addendum |
Retention context | Cached data retained per TTL; no long-term storage of personal data |
Bugsnag
Field | Description |
Legal entity | Bugsnag, Inc. |
Category | Error tracking & monitoring |
Purpose / nature of processing | Collection of application errors and diagnostics |
Categories of personal data | Merchant admin data contained in error logs |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Stored error logs |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); vendor DPA |
Retention context | Error logs retained according to configured retention settings |
Intercom
Field | Description |
Legal entity | Intercom, Inc. |
Category | Customer support & messaging |
Purpose / nature of processing | Handling merchant support requests and communications |
Categories of personal data | Merchant admin data; support message content |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Stored support conversations |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); Intercom DPA |
Retention context | Retained in accordance with support retention policies |
ClickUp
Field | Description |
Legal entity | Mango Technologies, Inc. |
Category | Customer support & messaging |
Purpose / nature of processing | Handling merchant support requests and communications |
Categories of personal data | Merchant admin data; support message content |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Stored support conversations |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); ClickUp DPA |
Retention context | Retained in accordance with support retention policies |
Amazon SES
Field | Description |
Legal entity | Amazon Web Services, Inc. |
Category | Email delivery |
Purpose / nature of processing | Delivery of transactional and operational emails |
Categories of personal data | Merchant admin data; usage metadata |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Transit and short-term delivery logs |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); vendor DPAs |
Retention context | Message data retained only as required for delivery and troubleshooting |
SendGrid
Field | Description |
Legal entity | SendGrid, Inc. |
Category | Email delivery |
Purpose / nature of processing | Delivery of transactional and operational emails |
Categories of personal data | Merchant admin data; usage metadata |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Transit and short-term delivery logs |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); vendor DPAs |
Retention context | Message data retained only as required for delivery and troubleshooting |
Microsoft Clarity
Field | Description |
Legal entity | Microsoft Corporation |
Category | Analytics (admin interface only) |
Purpose / nature of processing | Usage analytics to improve the merchant admin UI |
Categories of personal data | Pseudonymous usage analytics; session identifiers |
Data subjects | Merchants |
Processing location(s) | Global |
Storage vs access | Analytics data storage |
International transfers | Yes |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); Microsoft DPA |
Retention context | Retained per configured analytics retention settings |
HubSpot
Field | Description |
Legal entity | HubSpot, Inc. |
Category | CRM / communications |
Purpose / nature of processing | Management of merchant contacts and communications |
Categories of personal data | Merchant admin data |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Stored CRM records |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); HubSpot DPA |
Retention context | Retained per CRM configuration and retention policies |
Canny
Field | Description |
Legal entity | Canny, Inc. |
Category | Product feedback & feature requests |
Purpose / nature of processing | Collection and management of merchant feedback |
Categories of personal data | Merchant admin data; feedback content |
Data subjects | Merchants |
Processing location(s) | United States |
Storage vs access | Stored feedback entries |
International transfers | Yes (EEA → US) |
Transfer mechanism & safeguards | Standard Contractual Clauses (SCCs); vendor DPA |
Retention context | Retained until feedback is deleted or anonymized |
Shopify
Field | Description |
Legal entity | Shopify Inc. |
Category | Platform provider |
Purpose / nature of processing | Core app integration, authentication, and order processing |
Categories of personal data | Merchant admin data; order-related data |
Data subjects | Merchants Store Visitors / End customers |
Processing location(s) | Global (Shopify infrastructure) |
Storage vs access | Storage and processing as required by platform |
International transfers | Yes |
Transfer mechanism & safeguards | Shopify Data Processing Addendum |
Retention context | Governed by Shopify’s data retention policies |
Transfer Impact Assessment
Limoni Apps BV ensures that all subprocessors are subject to appropriate contractual safeguards in accordance with GDPR Article 28 and Chapter V. International data transfers are assessed through a documented Transfer Impact Assessment (TIA) and reviewed on a periodic basis or upon material changes.