Subprocessor List

Last updated: October 1, 2025

Third-party service providers engaged to assist in providing Mamba Host services, as referenced in our Data Processing Agreement.

1) Purpose & Scope

This page lists subprocessors engaged by Mamba Host (Asmar Media Group LLC) to process Customer Personal Data as part of providing our Services. This list is maintained in accordance with Article 28 of the GDPR and our Data Processing Agreement.

What is a Subprocessor?

A subprocessor is a third-party service provider that processes personal data on behalf of Mamba Host to help us deliver our Services. Each subprocessor is bound by contractual obligations to protect data and comply with applicable data protection laws.

2) Notification of Changes

We will update this page and notify customers via email at least 30 days before engaging new subprocessors or making material changes to existing subprocessor relationships.

How to Object:

  • Review updates posted on this page
  • If you object to a new subprocessor, email privacy@mambahost.com within 30 days
  • We will work to address concerns or provide alternatives
  • If we cannot accommodate your objection, you may terminate affected Services for a pro-rata refund

Subscribe to Updates:

Email privacy@mambahost.com with subject "Subscribe to Subprocessor Updates" to receive notifications of changes.

3) Infrastructure & Hosting Subprocessors

OVH Cloud (OVHcloud)

Purpose: Primary datacenter and infrastructure provider for compute, storage, and network resources

Data Processed: Server configurations, customer content, logs, IP addresses

Location: United States (primary), Canada (secondary)

Data Transfer Mechanism: Standard Contractual Clauses (EU-US)

Website: ovhcloud.com

Cloudflare, Inc.

Purpose: CDN, DDoS protection, DNS, and web application firewall services

Data Processed: Website visitor data, IP addresses, browser information, CDN cache

Location: Global network with primary operations in United States

Data Transfer Mechanism: Standard Contractual Clauses, EU-US Data Privacy Framework

Website: cloudflare.com

4) Control Panel & Management Subprocessors

Pterodactyl Software (Self-Hosted)

Purpose: Game server control panel software

Data Processed: Account information, server configurations, activity logs

Location: Hosted on our OVHcloud infrastructure (United States)

Note: Open-source software hosted by us, not an external subprocessor in the traditional sense

Website: pterodactyl.io

5) Payment Processing Subprocessors

Stripe, Inc.

Purpose: Credit card payment processing, subscription billing, fraud detection

Data Processed: Payment card information, billing details, transaction history

Location: United States (primary), Ireland (EU customers)

Data Transfer Mechanism: Standard Contractual Clauses, PCI DSS Level 1 certified

Website: stripe.com

PayPal Holdings, Inc.

Purpose: Alternative payment processing for PayPal payments

Data Processed: PayPal account information, billing details, transaction records

Location: United States (primary), Luxembourg (EU operations)

Data Transfer Mechanism: Standard Contractual Clauses, PCI DSS compliant

Website: paypal.com

6) Communication & Support Subprocessors

Resend, Inc.

Purpose: Transactional email delivery (account notifications, receipts, alerts)

Data Processed: Email addresses, message content, delivery logs

Location: United States

Data Transfer Mechanism: Standard Contractual Clauses

Website: resend.com

Discord Inc.

Purpose: Community platform and real-time customer support chat

Data Processed: Usernames, messages, server activity logs

Location: United States

Data Transfer Mechanism: Standard Contractual Clauses

Website: discord.com

7) Analytics & Monitoring Subprocessors

Plausible Analytics

Purpose: Privacy-friendly website analytics (cookieless)

Data Processed: Anonymized page views, referrer data, device types (no personal identifiers)

Location: European Union (Germany)

Data Transfer Mechanism: GDPR compliant, no international transfers (EU-hosted)

Website: plausible.io

UptimeRobot

Purpose: Infrastructure uptime monitoring and alerting

Data Processed: Server status, response times, availability logs

Location: United States

Data Transfer Mechanism: Standard Contractual Clauses

Website: uptimerobot.com

8) Security & Compliance Subprocessors

Cloudflare Turnstile

Purpose: Bot protection and CAPTCHA alternative for forms

Data Processed: Browser fingerprints, interaction patterns (no personal identifiers)

Location: Global network with primary operations in United States

Data Transfer Mechanism: Standard Contractual Clauses

Website: cloudflare.com/turnstile

9) Development & Internal Tools

GitHub, Inc.

Purpose: Code repository hosting, version control, internal documentation

Data Processed: Source code, internal documentation (no customer personal data)

Location: United States

Data Transfer Mechanism: Standard Contractual Clauses

Website: github.com

10) Subprocessor Requirements

All subprocessors must meet the following requirements:

  • Contractual Obligations: Bound by data protection agreements with equivalent protections to our DPA
  • Security Standards: Implement appropriate technical and organizational security measures
  • Compliance: Comply with applicable data protection laws (GDPR, CCPA/CPRA, etc.)
  • Confidentiality: Ensure personnel are subject to confidentiality obligations
  • Audit Rights: Provide audit capabilities and compliance documentation
  • Data Transfer Mechanisms: Use appropriate safeguards for international transfers
  • Breach Notification: Promptly notify us of any data security incidents

11) Subprocessor Evaluation Process

Before engaging new subprocessors, we:

  • Conduct due diligence on security practices and certifications
  • Review data protection agreements and terms
  • Assess data transfer mechanisms and compliance
  • Evaluate alternatives and necessity
  • Document the legitimate purpose for engagement
  • Obtain customer consent through the 30-day notification process

12) Data Flows & Processing Activities

Summary of how subprocessors access Customer Personal Data:

  • Infrastructure providers: Host and transmit data but do not access content
  • Payment processors: Process billing information only, not customer content
  • Communication tools: Transmit support messages and notifications
  • Analytics: Process anonymized or aggregated data only
  • Security tools: Analyze patterns for protection, not individual data

13) Alternative Subprocessors

In limited circumstances, we may use alternative subprocessors for:

  • Disaster recovery and business continuity
  • Temporary service disruptions
  • Geographic redundancy requirements
  • Emergency maintenance or security incidents

Alternative subprocessors are subject to the same requirements and notification processes.

14) Removal of Subprocessors

When we discontinue use of a subprocessor:

  • We update this page within 30 days
  • We ensure proper data deletion or return from the subprocessor
  • We notify customers if the change affects service functionality

15) Customer Responsibilities

As a customer, you are responsible for:

  • Reviewing this subprocessor list before using our Services
  • Monitoring updates to this page
  • Exercising your objection rights within 30 days of notification
  • Ensuring subprocessor use aligns with your own data protection obligations
  • Informing your data subjects about subprocessor involvement

16) Transparency & Documentation

We maintain transparency about subprocessor relationships:

  • This page is publicly accessible without login
  • Version history and changes are documented
  • Detailed subprocessor agreements available upon reasonable request
  • Annual review and audit of all subprocessor relationships

17) Questions & Requests

For questions about our subprocessors:

Change Log

October 1, 2025: Initial publication of subprocessor list
