Effective Date: May 14, 2026 Last Reviewed: May 14, 2026
Operator: TXTechSolutions Product: TradeMate Contact: support@yourtrademate.io
Introduction
What Is a Sub-processor?
A "sub-processor" is a third-party organization that TXTechSolutions engages to process personal data on behalf of TradeMate and its users, acting under our instructions and in support of delivering the Service. Sub-processors do not process your personal data for their own purposes; they act solely as data processors at our direction, within the scope of purposes described in this document.
For the avoidance of doubt, this document covers vendors and service providers that:
- Receive, store, transmit, or otherwise interact with personal data of TradeMate users in the course of providing their services to us; and
- Do so in a capacity where they are acting on TXTechSolutions' instructions (as a processor), rather than as an independent data controller.
This document does not cover third-party services that process data purely as independent data controllers (such as your brokerage, whose own privacy practices are governed by its own privacy policy).
Data Processing Agreements
TXTechSolutions maintains a Data Processing Agreement (DPA) with each sub-processor listed in this document. These agreements:
- Restrict each sub-processor to processing personal data solely as instructed by TXTechSolutions for the purposes described herein.
- Require each sub-processor to implement appropriate technical and organizational security measures.
- Obligate each sub-processor to assist us in fulfilling our obligations under GDPR (including responding to data subject rights requests), CCPA, and other applicable data protection laws.
- Prohibit sub-processors from retaining personal data beyond what is necessary to provide their services and require secure deletion thereafter.
- Require notification to TXTechSolutions in the event of a personal data breach.
For transfers of personal data from the European Economic Area (EEA) to sub-processors located in third countries (including the United States), TXTechSolutions relies on Standard Contractual Clauses (SCCs) pursuant to the European Commission's Implementing Decision (EU) 2021/914, and/or additional adequacy mechanisms such as the EU-U.S. Data Privacy Framework, as applicable.
Copies of applicable SCCs or summaries of transfer mechanisms for specific sub-processors are available upon request by contacting support@yourtrademate.io.
Current Sub-processors
The following table lists all sub-processors currently engaged by TXTechSolutions in connection with the TradeMate Service, as of the Effective Date above.
| Sub-processor | Jurisdiction | Purpose | Data Transferred | Legal Basis for Transfer (EEA to Third Countries) |
|---|---|---|---|---|
| Hetzner Online GmbH | Germany (European Union) | Primary cloud infrastructure provider. Hosts TradeMate's application servers, primary relational database (Postgres + TimescaleDB), vector database (pgvector), cache and queue services (Valkey), and all primary data storage. All user personal data stored by TradeMate at rest resides primarily within Hetzner's German data centers. | Account data, profile data, trading and financial data, broker connection tokens (encrypted), usage logs, communications data, application metrics. | No cross-border transfer; data remains within the EEA. EU-based sub-processor subject to GDPR directly. |
| Supported brokerage providers | United States or other applicable jurisdictions | Brokerage connectivity layer. TradeMate integrates with supported broker APIs to enable users to connect brokerage accounts for live trading analytics, portfolio data ingestion, and (for supported tiers) trade signal delivery. Data is transmitted to the connected brokerage provider solely to the extent necessary to authenticate the user's connection and retrieve account metadata and portfolio data. | Broker OAuth tokens or API credentials (encrypted in transit); account identifiers required for API authentication; portfolio position summaries returned from supported broker APIs. | Standard Contractual Clauses (Module 2: Controller to Processor), where applicable. Users also independently agree to the connected broker's own terms and privacy policy in their capacity as a brokerage account holder. |
| Dodo Payments | United States | Payment processing and subscription management. Dodo Payments processes subscription transactions for TradeMate Pro and Elite tiers. TXTechSolutions does not store raw payment card data; all cardholder data is handled directly by Dodo Payments and is subject to PCI-DSS standards. | Name, email address, billing address, subscription plan, transaction identifiers, and payment method metadata (e.g., last four digits of card, card type). Raw payment card numbers, CVVs, and full card data are never transmitted to or stored by TXTechSolutions. | Standard Contractual Clauses (Module 2: Controller to Processor). |
| Anthropic PBC | United States | Large language model (LLM) AI inference. Anthropic's Claude API is used by TradeMate to power AI-assisted analytics and signal reasoning for Elite tier users only. When an Elite tier user requests AI-generated analysis, relevant context (strategy configuration, market data summaries, and anonymized portfolio metrics) is transmitted to Anthropic's API for inference. Personal data submitted to Anthropic is subject to Anthropic's API data usage policies, including commitments that API inputs are not used to train their models unless explicitly opted in. | Strategy configuration parameters, aggregated and anonymized portfolio metrics, market data context, and user-provided prompts or questions to the AI assistant. Directly identifying information (name, email) is not included in inference payloads. | Standard Contractual Clauses (Module 2: Controller to Processor). Applies to Elite tier users only. |
| Amazon Web Services, Inc. | United States | Transactional email delivery via Amazon Simple Email Service (SES). Used to send account-related transactional emails including registration confirmations, password reset emails, billing receipts, security alerts, and service notifications. | Email address, name (used in email salutation), and the content of transactional email messages. Email metadata (timestamps, delivery status) is retained by AWS SES per its standard practices. | Standard Contractual Clauses (Module 2: Controller to Processor). AWS participates in the EU-U.S. Data Privacy Framework. |
| Cloudflare, Inc. | United States | DNS resolution, content delivery network (CDN), and DDoS mitigation. Cloudflare acts as a reverse proxy for TradeMate's public web endpoints. Network traffic destined for TradeMate passes through Cloudflare's global edge network before reaching origin servers. Cloudflare processes connection metadata including IP addresses for the purposes of routing, DDoS mitigation, and basic traffic analytics. | IP addresses, HTTP request metadata (URL paths, headers, timestamps, HTTP status codes), TLS handshake data, and general traffic volume metrics. Cloudflare does not receive the content of authenticated API requests or user personal data stored within TradeMate's database. | Standard Contractual Clauses (Module 2: Controller to Processor). Cloudflare participates in the EU-U.S. Data Privacy Framework. |
Notification of Changes to Sub-processors
Adding New Sub-processors
TXTechSolutions will provide notice to users at least 30 days before engaging a new sub-processor that will process personal data of TradeMate users. Notice will be provided by:
- Updating this Sub-processor Policy with the new sub-processor's details and updating the Effective Date.
- Sending an email notification to registered users at the email address associated with their account, describing the new sub-processor and the personal data to be processed.
- Posting a notice within the TradeMate Service interface.
If you have objections to the engagement of a new sub-processor on data protection grounds, you may contact us at support@yourtrademate.io before the 30-day notice period expires. We will work with you to address your concerns. If we are unable to resolve your objection, you may terminate your TradeMate account and request deletion of your personal data as described in our Privacy Policy.
Removing or Replacing Sub-processors
When a sub-processor is removed from our list (e.g., due to a change in service provider), we will update this document and, where the change materially affects the processing of your personal data, provide appropriate notice.
Modifying Existing Sub-processor Arrangements
If the scope of data processing by an existing sub-processor materially expands (e.g., a sub-processor begins processing additional categories of personal data), we will treat this as a change requiring 30-day advance notice.
Changes to This Policy
This Sub-processor Policy is maintained as a living document and will be updated whenever our sub-processor arrangements change. The "Effective Date" and "Last Reviewed" fields at the top of this document reflect the date on which the current version became operative.
We encourage you to review this document periodically. For questions about our sub-processor arrangements or to request copies of Data Processing Agreements or Standard Contractual Clauses, contact us at support@yourtrademate.io.
Contact
TXTechSolutions — TradeMate Privacy Email: support@yourtrademate.io Subject line: "Sub-processor Policy Inquiry" or "DPA / SCC Request"
For broader information about how we handle your personal data, refer to our Privacy Policy.
This Sub-processor Policy is published to fulfill transparency obligations under GDPR Article 28(3)(a) and Article 13/14, and to satisfy enterprise customer due diligence requirements. It does not modify or supersede the terms of any Data Processing Agreement executed between TXTechSolutions and a customer organization.