Skip to main content
Altera - Matrixify-Compatible Import & Export Tool for Shopify
  1. EU Data Protection/

Sub-processor List

Table of Contents

Last Updated: February 6, 2026

Overview
#

This page lists all Sub-processors engaged by Abnoba LLC to assist in providing the Altera services. Each Sub-processor has been carefully selected and is contractually bound to data protection standards equivalent to those in our Data Processing Agreement (DPA).

Notification of Changes
#

In accordance with our DPA, we will provide at least 30 days’ advance notice to customers before adding or replacing any Sub-processor. Customers may object to a new Sub-processor on reasonable grounds relating to data protection.

To receive notifications of Sub-processor changes, ensure your contact information is current in your Altera account settings.

Current Sub-processors
#

Infrastructure and Hosting
#

Google Cloud Platform (GCP)
#

  • Entity Name: Google LLC
  • Location: United States (multiple regions available)
  • Purpose: Cloud infrastructure and hosting services for Altera application
  • Data Processed: All customer data processed through Altera, including Shopify store data during import/export operations
  • Security Certifications: ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, SOC 3, PCI DSS
  • Privacy Policy: https://policies.google.com/privacy
  • DPA Available: Yes (https://cloud.google.com/terms/data-processing-addendum)
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)

Third-Party Integrations
#

Google Workspace
#

  • Entity Name: Google LLC
  • Location: United States
  • Purpose: Google Sheets and Google Drive integration
  • Data Processed: Data uploaded to or downloaded from Google Sheets/Drive by customers
  • Security Certifications: ISO 27001, SOC 2 Type II
  • Privacy Policy: https://policies.google.com/privacy
  • DPA Available: Yes
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)

Shopify
#

  • Entity Name: Shopify Inc.
  • Location: Canada (Ottawa)
  • Purpose: Access to customer’s Shopify store data via API
  • Data Processed: All Shopify store data that customers import/export
  • Security Certifications: ISO 27001, SOC 2 Type II
  • Privacy Policy: https://www.shopify.com/legal/privacy
  • DPA Available: Yes
  • Transfer Mechanism: Adequacy Decision (Canada)

Customer Support and Communication
#

Intercom
#

  • Entity Name: Intercom, Inc.
  • Location: United States (San Francisco, CA)
  • Purpose: Customer support platform for managing support tickets, live chat, and customer communications
  • Data Processed: Customer email addresses, names, support conversations, Altera account information, import/export data
  • Security Certifications: SOC 2 Type II, ISO 27001
  • Privacy Policy: https://www.intercom.com/legal/privacy
  • DPA Available: Yes (https://www.intercom.com/legal/dpa)
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)

The Support Heroes
#

  • Entity Name: The Support Heroes LLC
  • Location: Spain
  • Purpose: Third-party customer support services, operating via Intercom on behalf of Abnoba
  • Data Processed: Customer email addresses, names, support conversations, Altera account information
  • Privacy Policy: https://www.thesupportheroes.com/policies/privacy-policy
  • DPA Available: Yes
  • Transfer Mechanism: Not required (located in the EU)

Postmark
#

  • Entity Name: AC PM LLC
  • Location: United States (Philadelphia, PA)
  • Purpose: Transactional email delivery service
  • Data Processed: Customer email addresses, email content (notifications, receipts, password resets, support communications)
  • Security Certifications: SOC 2 Type II
  • Privacy Policy: https://postmarkapp.com/privacy-policy
  • DPA Available: Yes (https://postmarkapp.com/gdpr)
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)

Analytics and Monitoring
#

Sentry
#

  • Entity Name: Functional Software, Inc. (dba Sentry)
  • Location: United States (San Francisco, CA)
  • Purpose: Application error tracking and performance monitoring
  • Data Processed: Error logs, stack traces, application performance data, user identifiers, request URLs, IP addresses (when included in error context)
  • Security Certifications: SOC 2 Type II, ISO 27001
  • Privacy Policy: https://sentry.io/privacy/
  • DPA Available: Yes (https://sentry.io/legal/dpa/)
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)

PostHog
#

  • Entity Name: PostHog, Inc.
  • Location: European Union (EU data center)
  • Purpose: Product analytics and feature usage monitoring
  • Data Processed: Product usage events, feature interactions, anonymized user identifiers, session data
  • Security Certifications: SOC 2 Type II
  • Privacy Policy: https://posthog.com/privacy
  • DPA Available: Yes (https://posthog.com/dpa)
  • Transfer Mechanism: Not required (data stored in the EU)

Google Analytics
#

  • Entity Name: Google LLC
  • Location: United States
  • Purpose: Website analytics for getaltera.com marketing site
  • Data Processed: IP addresses (anonymized), page views, session data, browser/device information, referral sources
  • Security Certifications: ISO 27001, SOC 2 Type II
  • Privacy Policy: https://policies.google.com/privacy
  • DPA Available: Yes (https://privacy.google.com/businesses/processorterms/)
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)
  • Note: Analytics cookies are only loaded with user consent. IP anonymization is enabled.

AI Services
#

Anthropic
#

  • Entity Name: Anthropic PBC
  • Location: United States (San Francisco, CA)
  • Purpose: AI processing for feature generation (e.g., export titles, data transformations)
  • Data Processed: Personal data is redacted prior to transmission. No personal data is intentionally processed by this service.
  • Privacy Policy: https://www.anthropic.com/privacy
  • DPA Available: Yes
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)
  • Note: Data sent to Anthropic is not used for model training. PII is redacted before transmission.

Google Gemini
#

  • Entity Name: Google LLC
  • Location: United States
  • Purpose: AI processing for feature generation (e.g., export titles, data transformations)
  • Data Processed: Personal data is redacted prior to transmission. No personal data is intentionally processed by this service.
  • Security Certifications: ISO 27001, SOC 2 Type II
  • Privacy Policy: https://policies.google.com/privacy
  • DPA Available: Yes
  • Transfer Mechanism: Standard Contractual Clauses (EU SCCs 2021)
  • Note: Data sent to Google Gemini is not used for model training. PII is redacted before transmission.

Payment Processing
#

Altera subscriptions are billed directly through the Shopify App Store Billing API. All payment processing is handled by Shopify, and Abnoba does not collect, process, or store sensitive payment information. See the Shopify entry under Third-Party Integrations above.

Geographic Distribution
#

Our Sub-processors operate in the following jurisdictions:

  • United States: Google Cloud Platform, Google Workspace, Intercom, Postmark, Sentry, Google Analytics, Anthropic, Google Gemini
  • Spain (EU): The Support Heroes
  • European Union: PostHog (EU data center)
  • Canada: Shopify

For Sub-processors located outside the EEA, we have implemented appropriate safeguards including Standard Contractual Clauses and supplementary measures as described in our Transfer Impact Assessment.

Due Diligence Process
#

Before engaging any Sub-processor, Abnoba conducts due diligence including:

  1. Security and privacy assessment
  2. Review of certifications and compliance standards
  3. Contractual review to ensure GDPR-level obligations
  4. Verification of data transfer mechanisms for international transfers

All Sub-processors are required to:

  • Implement appropriate technical and organizational security measures
  • Process data only on Abnoba’s instructions
  • Maintain confidentiality
  • Assist with data subject rights requests
  • Notify Abnoba of any data breaches
  • Submit to audits as necessary

Sub-processor Changes
#

Recent Changes
#

February 6, 2026: Initial sub-processor list published

Upcoming Changes
#

No upcoming Sub-processor changes are currently planned. This section will be updated at least 30 days before any changes take effect.

Customer Rights
#

Objection to Sub-processors
#

If you object to a new Sub-processor on reasonable data protection grounds, please contact us at privacy@getaltera.com within 14 days of notification. We will work with you to address your concerns, which may include:

  • Providing additional information about the Sub-processor’s security measures
  • Implementing additional contractual safeguards
  • If agreement cannot be reached, allowing you to terminate your subscription

Audit Rights
#

Under our DPA, customers have audit rights concerning Sub-processors. For audit requests, please contact privacy@getaltera.com.

Additional Information
#

For questions about Sub-processors or data processing practices:

Abnoba LLC Email: privacy@getaltera.com

Related Documentation#