- Featured
B2B Edition
Advanced B2B features for enterprise plans.Catalyst
NewCreate stunning, high-performing storefronts that captivate and convert.Feedonomics
Omnichannel feed and data transformation.Multi-Storefront
Manage multiple unique stores from one account.International
Grow your brand across the globe.
- Launch Services
Overview
Chart your path to success with specialised services.Implementation Project Management
Experts to ensure you launch on time and under budget.Solution Architecture
Seasoned advisors to help you best design your store.Data Migration & Optimisation
Expertise on a clean and clear path to migrating your data.Enterprise Launch Package
Personal training on how to set up and launch your BigCommerce Store.
Professional Services Blog Series
Get to know our teams and how they support your success in this Q&A series.
The Global B2B Buyer Behavior Report
This in-depth report provides actionable strategies to help you sell more online.
Third-Party Subprocessors
Date of Last Revision: April 28, 2025
When acting as a processor on behalf of merchants in providing ecommerce Services, BigCommerce and its affiliates[1]
may engage the following third-party subprocessors.[2] These subprocessors may process certain types of personally identifiable information (PII) associated with shoppers that interact with merchant storefronts.
Name
Processing Activity
Purpose of Processing
Default Location
Additional Information
Amazon
Analytics
Online store metrics
USA
Trace PII
Atlassian
Office productivity and communication
Process/project management and product support
USA, Australia
Trace PII[3]
Cloudflare
DDoS mitigation, threat detection, and CDN
DDoS protection, digital threats monitoring, and accelerated content delivery
USA, with globally decentralized CDN
Trace PII
Confluent
Analytics data pipeline
Infrastructure management, data piping between systems that lack native integrations
USA
Merchants can eliminate by turning off BC analytics
Hosting, platform functionality, and office productivity
Infrastructure hosting, document management, and communications
USA, Germany, or Australia
All platform PII, including all identifiers noted in the BigCommerce TOS
Sentry I/O by Functional Software
Performance improvement, error logging, and troubleshooting
Error monitoring
for BigCommerce application and infrastructure Services
USA
Trace PII
Snowflake
Data warehouse
Internal analytics warehouse
USA
Trace PII
The Functionary
Support
Technical support for merchants who are having issues with the BigCommerce application
El Salvador
Platform PII, as needed based on support needs
Sysdig
Security
Environment and log monitoring for BigCommerce application and infrastructure
North America
Trace PII
Sumo Logic
Security
Log collection, alerting, and monitoring for security alerts concerning BigCommerce, BigCommerce applications and infrastructure
North America
Trace PII
Relyance AI
Privacy
Automated Personal Data Mapping and generation of privacy documentation
North America
Trace PII
[1] All BigCommerce affiliates are bound by the BigCommerce DPA. Any PII processed by, or transferred between, BigCommerce affiliates is further subject to the internal protections of an intra-group data transfer agreement (IGA), which has been signed by all BigCommerce affiliates and requires substantially the same level of data protection as that provided to merchants under the BigCommerce DPA.
[2] As set forth in the BigCommerce DPA, BigCommerce does not transfer any PII to subprocessors without: (i) a security assessment, (ii) a privacy assessment, including an assessment of transfer impact; and (iii) a data protection agreement that requires substantially the same level of data protection as that provided to merchants under the BigCommerce DPA.
[3] Trace PII may include data such as a single transaction number or IP address that is not ordinarily processed in association with other identifiers. Although such data may not in itself constitute PII, BigCommerce generally treats such data as PII out of an abundance of caution unless or until it has been fully deleted, anonymized, or deidentified.