Legal · last updated 19 April 2026
Sub-processors
DealIndex.ai is operated by Orokrt Retail Ltd. This page lists the third-party providers we use to run the service, what each one does, where it processes data, and the kind of data it sees. It sits alongside the main privacy policy, which covers what we collect from you and why.
We publish the list so you can make an informed decision about using the site. If you'd prefer we didn't share anything with a given provider, the practical answer is usually "don't send us that data" — for example, if you never submit an email, nothing reaches the newsletter provider. You can also ask for your data to be deleted at any time (see your rights).
Current sub-processors
| Purpose | Provider | Location | What it sees |
|---|---|---|---|
| Application database | Supabase (managed Postgres) | EU — Frankfurt | Newsletter and price-alert email addresses, hashed IP addresses from the affiliate-click handler and contact form, chat-session identifiers and query text. |
| Edge network, CDN and application hosting | Cloudflare | Global (UK-routed where possible) | Every incoming HTTP request is proxied through Cloudflare. Standard edge logs include IP address, user-agent and URL for the minimum retention period required for abuse prevention. |
| On-site chat assistant | Anthropic (Claude API) | United States | The free-form text of your chat message. No email address, no IP, no DealIndex account identifier is attached. |
| Newsletter delivery | Beehiiv | United States | Email address, newsletter engagement metadata (opens, clicks) if you engage with a sent email. |
| Cookieless analytics | Plausible Analytics | EU — Germany | Aggregated, anonymous page-view counts. No cookies, no personal identifiers, no cross-site tracking. |
| Server-side error monitoring | Sentry | United States | When a server-side error fires, the error message plus a minimal request context (URL, status, user-agent). Configured to scrub payload bodies so form data is not captured. |
International transfers
Providers hosted outside the UK and EEA are engaged under the UK Information Commissioner's International Data Transfer Addendum to the EU Standard Contractual Clauses, or equivalent safeguard published by the provider.
Changes
When we add, remove or change a sub-processor we update the table above and bump the "last updated" date. Material changes — a new category of data leaving the EEA, a new provider for a new feature — are also flagged on the homepage for two weeks before they take effect.