Responsabili del trattamento
Ultimo aggiornamento: April 29, 2026
We use a small number of third-party services to operate the MarginLock platform. The table below lists every subprocessor that may process customer personal data on our behalf, along with the purpose, the categories of data, and the region where data is processed.
| Vendor | Purpose | Data processed | Region | DPA |
|---|---|---|---|---|
| Amazon Web Services | Application database, worker compute, object storage | Customer Amazon Seller Central data, account metadata | us-east-1 (USA) | AWS DPA |
| Vercel | Marketing site hosting + edge delivery | IP addresses, request metadata | Global edge | Vercel DPA |
| Resend | Transactional email (magic links, contact form, account notifications) | Email addresses, message bodies | USA | Resend DPA |
| Kit (ConvertKit) | Newsletter subscriptions | Email addresses | USA | Kit DPA |
| Upstash | Rate-limit state for forms and APIs | IP addresses (hashed) | USA, EU regions | Upstash DPA |
| Sentry | Application error tracking | Error stack traces, user IDs | USA | Sentry DPA |
| Better Stack | Uptime + status page | Probe results | USA, EU regions | Better Stack DPA |
| Stripe | Subscription billing | Email addresses, billing addresses, payment metadata (no card numbers) | USA, EU regions | Stripe DPA |
We notify customers in writing at least 30 days before adding or replacing a subprocessor. Customers may object to a new subprocessor under the terms of our DPA.