Subprocessors

Effective Date: October 1, 2025

Last Updated: October 5, 2025

This page lists all third-party subprocessors that Gate555, a division of Piramesse LLC ("Gate555," "we," "us," or "our"), engages to process personal data on our behalf in connection with the provision of our services.

In accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws, we maintain transparency regarding our data processing practices and the subprocessors we utilize.

We carefully select and regularly assess all subprocessors to ensure they provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect personal data.

Notification of Changes

Gate555 will provide notice of any new subprocessors or changes to existing subprocessors through the following mechanisms:

  • Updating this page with the effective date of the change
  • Email notification to registered customers at least thirty (30) days prior to the new subprocessor processing personal data
  • Notice through our partner dashboard for active partners

If you have concerns about a new subprocessor, please contact us at privacy@gate555.com within thirty (30) days of notification.

Current Subprocessors

Cloudflare

Added: October 1, 2025

Infrastructure
Purpose: Content delivery network, DDoS protection, edge computing, and website hosting services
Data Processed: IP addresses, user agent strings, cookies, performance data, log data
Location: United States (with global edge network)
Data Transfer Mechanism: Standard Contractual Clauses (SCCs), EU-U.S. Data Privacy Framework

Supabase

Added: October 1, 2025

Database
Purpose: Database services, authentication, and data storage
Data Processed: Application data, partner information, conversion data, authentication credentials
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)

Google Analytics

Added: October 1, 2025

Analytics
Purpose: Analytics, website performance monitoring, and user behavior analysis
Data Processed: Anonymized usage data, page views, user interactions, device information
Location: United States (with global data centers)
Data Transfer Mechanism: Standard Contractual Clauses (SCCs), EU-U.S. Data Privacy Framework

PostHog

Added: October 1, 2025

Analytics
Purpose: Product analytics, session recording, feature flags, and user behavior tracking
Data Processed: User interactions, session data, feature usage, event tracking, anonymized user identifiers
Location: United States (with EU hosting option)
Data Transfer Mechanism: Standard Contractual Clauses (SCCs), EU-U.S. Data Privacy Framework

Google Ads

Added: October 1, 2025

Advertising
Purpose: Conversion tracking, remarketing, advertising campaign measurement, and ROI analysis
Data Processed: Cookie data, conversion events, ad click data, user demographics, remarketing lists
Location: United States (with global data centers)
Data Transfer Mechanism: Standard Contractual Clauses (SCCs), EU-U.S. Data Privacy Framework

Impact

Added: October 1, 2025

Affiliate Network
Purpose: Affiliate partnership management, conversion tracking, commission processing, and performance reporting
Data Processed: Conversion data, click IDs, transaction values, partner information, commission records, postback URLs
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)

CJ Affiliate

Added: October 1, 2025

Affiliate Network
Purpose: Affiliate partnership management, conversion tracking, commission processing, and performance analytics
Data Processed: Conversion data, click tracking, order details, partner performance metrics, commission calculations
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)

Awin

Added: October 1, 2025

Affiliate Network
Purpose: Global affiliate network operations, conversion tracking, multi-market campaign management, and publisher payments
Data Processed: Conversion events, click data, transaction information, partner credentials, commission data, regional performance metrics
Location: United Kingdom, Germany (with global operations)
Data Transfer Mechanism: Standard Contractual Clauses (SCCs), UK GDPR compliance

Rakuten Advertising

Added: October 1, 2025

Affiliate Network
Purpose: Affiliate marketing platform, conversion attribution, cross-device tracking, and campaign optimization
Data Processed: Conversion tracking data, attribution signals, partner IDs, transaction values, device fingerprints, commission records
Location: United States, Japan (with global infrastructure)
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)

ShareASale

Added: October 1, 2025

Affiliate Network
Purpose: Affiliate network services, real-time conversion tracking, merchant-publisher connections, and payment processing
Data Processed: Transaction data, affiliate links, conversion events, merchant information, publisher earnings, click tracking
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)

Data Protection Measures

Gate555 requires all subprocessors to implement appropriate technical and organizational measures to protect personal data, including:

Encryption of data in transit and at rest
Regular security audits and assessments
Access controls and authentication measures
Incident response and breach notification procedures
Employee training on data protection
Data Processing Agreements (DPAs) in place

International Data Transfers

Some of our subprocessors are located outside the European Economic Area (EEA). When we transfer personal data to these subprocessors, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU Commission-approved contractual terms that require adequate data protection
  • EU-U.S. Data Privacy Framework: Certification under the framework for subprocessors in the United States
  • Adequacy Decisions: Transfers to countries recognized by the EU Commission as providing adequate protection

For more information about our international data transfers, please refer to our Privacy Policy.

Your Rights

Under GDPR and other applicable data protection laws, you have rights regarding your personal data processed by our subprocessors:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

To exercise these rights or for questions about our subprocessors, please contact our Data Protection Officer at privacy@gate555.com.

Contact Information

Data Protection Officer:

Email: privacy@gate555.com

Response Time: Within 30 days per GDPR requirements

General Inquiries:

Email: legal@gate555.com

For general legal and compliance questions

Gate555 - A Division of Piramesse LLC

Registered in Delaware, United States

Last Updated: October 5, 2025