← Trust Center & Legal
API & Integrations

Subprocessor Policy

Who processes data on our behalf, and how they're controlled.

Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]

1. What a Subprocessor Is

A subprocessor is a third party we engage to process Customer Data (which may include personal data) to help deliver Ecom10x — for example, cloud hosting or transactional email.

2. Current Subprocessors

ProviderPurposeData InvolvedLocation of Processing
Vercel Inc.Application hosting & deliveryAll Service traffic and application data in transitGlobal edge; primary compute region as configured
Turso (ChiselStrike, Inc.)Managed databaseCustomer Data at rest (encrypted)AWS ap-south-1 (Mumbai) region as configured
[EMAIL_PROVIDER — e.g., Resend, if enabled]Transactional emailEmail address, notification content[PROVIDER_REGION]
[PAYMENT_PROVIDER — e.g., Razorpay, when billing is enabled]Subscription billingBilling name, contact, payment references (card data handled by the gateway, not us)India
[MESSAGING_PROVIDER — e.g., Meta WhatsApp Cloud API, if enabled by you]WhatsApp notificationsRecipient number, message contentPer provider
[AI_PROVIDER — e.g., Anthropic, if AI features enabled]AI-assisted drafting/insightsOnly the text/data needed for the requested output (see AI Usage Policy)Per provider

Entries marked with brackets apply only when the corresponding feature is enabled and will be confirmed (with regions) before public launch. This table is the authoritative list and is updated when subprocessors change.

3. Contractual Controls

Each subprocessor is bound by written terms requiring confidentiality, security measures appropriate to the data, processing only on our instructions, and deletion on termination. We assess providers' published security practices before engagement.

4. Change Notice & Objection

We provide at least 15 days' notice of new or replacement subprocessors (via this page and/or email to account owners). Customers with a DPA may object as described therein.

5. Liability

We remain responsible to you for our subprocessors' performance of data-protection obligations to the same extent as if we performed them ourselves.

Governing Law & Dispute Resolution

This document is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, without regard to conflict-of-law principles.

Any dispute arising out of or in connection with this document shall first be attempted to be resolved amicably through good-faith negotiation within thirty (30) days of written notice. Failing amicable resolution, the dispute shall be referred to arbitration by a sole arbitrator appointed in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be [JURISDICTION_CITY — e.g., New Delhi], India, and proceedings shall be conducted in English. Subject to the foregoing, the courts at [JURISDICTION_CITY — e.g., New Delhi], India shall have exclusive jurisdiction.

Contact

EcomSarthi Business Solutions LLP
[REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Support: [SUPPORT_EMAIL — e.g., support@ecom10x.in] · Legal: [LEGAL_EMAIL — e.g., legal@ecom10x.in] · Phone: [SUPPORT_PHONE_NUMBER]