Subprocessor Policy
Who processes data on our behalf, and how they're controlled.
Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]
1. What a Subprocessor Is
A subprocessor is a third party we engage to process Customer Data (which may include personal data) to help deliver Ecom10x — for example, cloud hosting or transactional email.
2. Current Subprocessors
| Provider | Purpose | Data Involved | Location of Processing |
|---|---|---|---|
| Vercel Inc. | Application hosting & delivery | All Service traffic and application data in transit | Global edge; primary compute region as configured |
| Turso (ChiselStrike, Inc.) | Managed database | Customer Data at rest (encrypted) | AWS ap-south-1 (Mumbai) region as configured |
| [EMAIL_PROVIDER — e.g., Resend, if enabled] | Transactional email | Email address, notification content | [PROVIDER_REGION] |
| [PAYMENT_PROVIDER — e.g., Razorpay, when billing is enabled] | Subscription billing | Billing name, contact, payment references (card data handled by the gateway, not us) | India |
| [MESSAGING_PROVIDER — e.g., Meta WhatsApp Cloud API, if enabled by you] | WhatsApp notifications | Recipient number, message content | Per provider |
| [AI_PROVIDER — e.g., Anthropic, if AI features enabled] | AI-assisted drafting/insights | Only the text/data needed for the requested output (see AI Usage Policy) | Per provider |
Entries marked with brackets apply only when the corresponding feature is enabled and will be confirmed (with regions) before public launch. This table is the authoritative list and is updated when subprocessors change.
3. Contractual Controls
Each subprocessor is bound by written terms requiring confidentiality, security measures appropriate to the data, processing only on our instructions, and deletion on termination. We assess providers' published security practices before engagement.
4. Change Notice & Objection
We provide at least 15 days' notice of new or replacement subprocessors (via this page and/or email to account owners). Customers with a DPA may object as described therein.
5. Liability
We remain responsible to you for our subprocessors' performance of data-protection obligations to the same extent as if we performed them ourselves.
Governing Law & Dispute Resolution
This document is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, without regard to conflict-of-law principles.
Any dispute arising out of or in connection with this document shall first be attempted to be resolved amicably through good-faith negotiation within thirty (30) days of written notice. Failing amicable resolution, the dispute shall be referred to arbitration by a sole arbitrator appointed in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be [JURISDICTION_CITY — e.g., New Delhi], India, and proceedings shall be conducted in English. Subject to the foregoing, the courts at [JURISDICTION_CITY — e.g., New Delhi], India shall have exclusive jurisdiction.
Contact
EcomSarthi Business Solutions LLP
[REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Support: [SUPPORT_EMAIL — e.g., support@ecom10x.in] · Legal: [LEGAL_EMAIL — e.g., legal@ecom10x.in] · Phone: [SUPPORT_PHONE_NUMBER]