Third-Party Subprocessors

Third-Party Subprocessors

Date of Last Revision: November 10, 2025

Commerce Third-Party Subprocessors

When acting as a processor on behalf of merchants in providing ecommerce Services, Commerce.com and its affiliates﻿1﻿ may engage the following third-party subprocessors.﻿2﻿ These subprocessors may process certain types of personally identifiable information (PII) associated with shoppers that interact with merchant storefronts. 

Name

Processing Activity

Purpose of Processing

Corp HQ

Amazon

Analytics
﻿
Data hosting

Online store metrics
﻿
Hosting customer / product catalog data, feed data, logs, etc.

USA

Atlassian

Office productivity and communication

Process/project management and product support

USA, Australia

Cloudflare

DDoS mitigation, threat detection, and CDN

DDoS protection, digital threats monitoring, and accelerated content delivery

USA, with globally decentralized CDN

Confluent

Analytics data pipeline	

Infrastructure management, data piping between systems that lack native integrations	

USA

Google

Hosting, platform functionality, and office productivity

Infrastructure hosting, document management, and communications

USA, Germany, or Australia	

Sentry I/O by Functional Software

Performance improvement, error logging, and troubleshooting

Error monitoring for Commerce.com application and infrastructure Services	

USA

Snowflake

Data warehouse

Internal analytics warehouse

USA

The Functionary

Support

Technical support for merchants who are having issues with the Commerce.com application

El Salvador

Sysdig

Security

Environment and log monitoring for Commerce.com application and infrastructure

USA

Sumo Logic

Security

Log collection, alerting, and monitoring for security alerts concerning Commerce.com, Commerce.com applications and infrastructure

USA

Relyance AI

Privacy

Automated Personal Data Mapping and generation of privacy documentation

USA

ServiceNow Cloud Observability

Platform observability, Security

Telemetry and log collection for monitoring platform services

USA

Teleport (Gravitational Inc)

Platform observability, Security

Platform administration and access management

USA

EPAM

Development

Infrastructure development resources

EMEA, APAC, Americas

Feedonomics Third-Party Subprocessors

Feedonomics Holdings LLC and its affiliates engage the following third-party entities to act as sub-processors in assisting with providing services.

Subcontractor

Services performed

Purpose of Processing

Country

Microsoft

Endpoint management﻿﻿

Device management for employee machines: ensuring security policies are enforced, updating patches/antivirus.

United States

AgileBits, Inc.

Password management

Storing, managing credentials securely (passwords, secrets) for internal users

United States

NewRelic

System and application monitoring

Collecting telemetry, logs, performance metrics from Feedonomics systems

United States

Cube27

Resourcing (contractors)

Contractor services: support, operations tasks

India

Microsourcing

Resourcing (contractors)

Contractor services: support, operations tasks

Philippines

FDX South Africa

Resourcing (contractors)

Contractor services: support, operations tasks

South Africa

Commerce Extension Third-Party

Customer elected Extensions as a Service offering provided by Commerce

Subcontractor

Services performed

Purpose of Processing

Country

Noibu

Commerce Extension- Noibu

Collecting and analyzing error and logging data to diagnose user-impacting issues.

United States

﻿1 Each Commerce Entity is bound by the Commerce.com DPA. Any PII processed by, or transferred between, Commerce affiliates is further subject to the internal protections of an intra-group data transfer agreement (IGA), which has been signed by all Commerce.com affiliates and requires substantially the same level of data protection as that provided to merchants under the Commerce.com DPA.
﻿
﻿﻿2As set forth in the Commerce.com DPA, a Commerce Entity does not transfer any PII to subprocessors without: (i) a security assessment, (ii) a privacy assessment, including an assessment of transfer impact; and (iii) a data protection agreement that requires substantially the same level of data protection as that provided to merchants under the Commerce.com DPA.

Google

Hosting, platform functionality, and office productivity

Infrastructure hosting, document management, and communications

USA, Germany, or Australia	

Sentry I/O by Functional Software

Performance improvement, error logging, and troubleshooting

Error monitoring for Commerce.com application and infrastructure Services	

USA

Snowflake

Data warehouse

Internal analytics warehouse

USA

The Functionary

Support

Technical support for merchants who are having issues with the Commerce.com application

El Salvador

Sysdig

Security

Environment and log monitoring for Commerce.com application and infrastructure

USA

Sumo Logic

Security

Log collection, alerting, and monitoring for security alerts concerning Commerce.com, Commerce.com applications and infrastructure

USA

Relyance AI

Privacy

Automated Personal Data Mapping and generation of privacy documentation

USA

ServiceNow Cloud Observability

Platform observability, Security

Telemetry and log collection for monitoring platform services

USA

Teleport (Gravitational Inc)

Platform observability, Security

Platform administration and access management

USA

EPAM

Development

Infrastructure development resources

EMEA, APAC, Americas

Subcontractor

Services performed

Purpose of Processing

Country

Microsoft

Endpoint management﻿﻿

Device management for employee machines: ensuring security policies are enforced, updating patches/antivirus.

United States

AgileBits, Inc.

Password management

Storing, managing credentials securely (passwords, secrets) for internal users

United States

NewRelic

System and application monitoring

Collecting telemetry, logs, performance metrics from Feedonomics systems

United States

Cube27

Resourcing (contractors)

Contractor services: support, operations tasks

India

Microsourcing

Resourcing (contractors)

Contractor services: support, operations tasks

Philippines

FDX South Africa

Resourcing (contractors)

Contractor services: support, operations tasks

South Africa

﻿1 Each Commerce Entity is bound by the Commerce.com DPA. Any PII processed by, or transferred between, Commerce affiliates is further subject to the internal protections of an intra-group data transfer agreement (IGA), which has been signed by all Commerce.com affiliates and requires substantially the same level of data protection as that provided to merchants under the Commerce.com DPA.
﻿
﻿﻿2As set forth in the Commerce.com DPA, a Commerce Entity does not transfer any PII to subprocessors without: (i) a security assessment, (ii) a privacy assessment, including an assessment of transfer impact; and (iii) a data protection agreement that requires substantially the same level of data protection as that provided to merchants under the Commerce.com DPA.