Under the UK GDPR and Data Protection Act 2018, Aserta Ltd is required to disclose all sub-processors that process personal data on behalf of merchants. This page lists all current sub-processors and their data processing functions.
How to Request Changes: If you object to the use of any sub-processor, please contact dpo@getaserta.com within 30 days of notification. We will consider your objection in good faith.
Purpose: Render hosts the Aserta application infrastructure, including the backend API, database servers, and web servers. All personal data is stored on Render's encrypted servers located in the United States.
Data Processing: Personal data related to merchant stores and product information is stored in Render's PostgreSQL databases with AES-256 encryption.
Location: United States
Data Protection: Render maintains SOC 2 Type II compliance and provides DDoS protection, Web Application Firewall (WAF), and intrusion detection systems.
Privacy Policy: https://render.com/privacy
Data Processing Agreement: Render offers a Data Processing Addendum (DPA) available upon request.
Active Since: 2025Purpose: Shopify provides the platform through which Aserta accesses merchant store data via OAuth 2.0 API integration. Shopify acts as the data controller for store information, while Aserta acts as the processor.
Data Processing: Personal data is transmitted between Shopify and Aserta via encrypted API calls. Shopify webhooks notify Aserta of store events (product updates, GDPR data requests).
Location: United States / Canada (Shopify's infrastructure)
Data Protection: Shopify maintains SOC 2 Type II compliance and offers a Data Transfer Addendum for GDPR compliance.
Privacy Policy: https://www.shopify.com/legal/privacy
Data Processing Agreement: Shopify's Data Transfer Addendum is incorporated into the Aserta Data Processing Agreement.
Active Since: 2025We are currently evaluating the following potential sub-processors. Merchants will be notified 30 days before any new sub-processors begin processing personal data:
| Subprocessor Name | Function | Status | Expected Integration |
|---|---|---|---|
| SendGrid (Twilio) | Email notifications for compliance alerts and billing updates | Under Evaluation | Q3 2026 |
| Sentry | Error logging and application monitoring | Under Evaluation | Q2 2026 |
Aserta will notify merchants of any changes to sub-processors as follows:
Merchants have the right to object to the use of a new sub-processor within 30 days of notification. To object, please contact:
Email: dpo@getaserta.com
Subject Line: "Subprocessor Objection - [Subprocessor Name]"
We will consider all objections in good faith. If you have material concerns about a sub-processor's data protection practices, we are committed to working with you to find alternatives.
All sub-processors used by Aserta must meet the following requirements:
As a merchant using Aserta, you have the right to:
If you have questions about our sub-processors, their data protection practices, or how your data is handled, please contact our Data Protection Officer:
Data Protection Officer (DPO):
Email: dpo@getaserta.com
Postal Address: Aserta Ltd, Eldridge Gardens, Romsey, Hampshire, United Kingdom
| Date | Change | Details |
|---|---|---|
| 2026-03-05 | Page Created | Initial subprocessor list published: Render and Shopify |