Subprocessors | Mods Fraud and Risk management

Subprocessors List

Mods may use selected third-party service providers (“subprocessors”) to support the delivery, security, and operation of our services. Subprocessors may process customer data only as needed to provide the relevant function (for example: ticketing, fraud tooling, dispute tooling, monitoring, analytics, reporting).

We aim to apply the following principles:

Necessity: we use subprocessors only when they serve a clear operational purpose.
Data minimization: only the data needed for the specific service is processed.
Access control: access is restricted to authorized personnel and systems.
Compliance: processing is performed under appropriate contractual and security safeguards, including GDPR-aligned obligations where applicable.

Subprocessors tools

Subprocessor

Purpose

Data that may be processed

Processing location(s)

Zendesk

Customer support ticketing and operational workflows (case handling, internal notes, attachments).

Ticket content, user identifiers, contact details, operational notes, attachments, audit metadata.

Client-selected region (country/continent based on customer configuration and available options).

Stripe

Payment processing / billing operations (where applicable).

Billing identifiers, transaction metadata, customer contact details needed for billing, payment-related logs.

Depends on customer configuration and Stripe processing locations.

Ethoca

Chargeback/dispute alerting and issuer collaboration workflows.

Dispute/chargeback identifiers, transaction references, card network alert metadata, case notes (as applicable).

Depends on program/network and customer configuration.

Verifi

Dispute/chargeback programs and alerting (e.g., RDR / CDRN where applicable).

Dispute/chargeback identifiers, transaction references, program metadata, case notes (as applicable).

Depends on program/network and customer configuration.

MassPay

Payout/disbursement operations (where applicable).

Payout identifiers, recipient references, transaction/payout metadata, compliance-related logs (as applicable).

Depends on customer configuration and MassPay processing locations.

CB-Alert

Chargeback alerting/monitoring and operational triage (where applicable).

Chargeback alert metadata, transaction references, case identifiers.

Depends on provider configuration and processing locations.

Sift

Fraud detection, risk scoring, and behavioral signals (where applicable).

Risk signals/events, user/device identifiers (as configured), transaction metadata, decision logs.

Depends on customer configuration and Sift processing locations.

Instana (instana.io)

Application performance monitoring (APM), reliability monitoring, incident triage.

System telemetry, application logs/metrics/traces, service identifiers, operational metadata.

Depends on deployment and monitoring configuration.

Amplitude

Product/operations analytics and measurement (where applicable).

Event data, usage metadata, identifiers (as configured), operational funnels/metrics.

Depends on project configuration and hosting region.

Microsoft Power BI

Reporting dashboards and management analytics (where applicable).

Aggregated operational metrics, reporting datasets, identifiers as configured for reporting needs.

Client-selected region (country/continent based on customer tenant and configuration).