Legal
Subprocessors
Last updated 23 April 2026. The vendors below help ShopMCP run the service. We will give 30 days' notice before adding or replacing any of them.
Get notified about changes
Subscribe by emailing privacy@shop-mcp.app with the subject "subprocessor notifications" and we will add you to the email list. Workspace owners are subscribed automatically.
Active subprocessors
| Vendor | Purpose | Data | Region |
|---|---|---|---|
| Amazon Web Services (AWS) | Primary database hosting (Neon Postgres runs on AWS) and KMS for envelope encryption of customer credentials. | Account records, encrypted credentials, usage events, audit logs. | us-east-1 (US) |
| Neon | Managed Postgres provider for the application database. | All workspace, usage, billing-mirror, and audit data. | us-east-1 (US, on AWS) |
| Upstash | Managed Redis for rate limiting, short-lived caches, and durable workflow queues. | Per-workspace rate counters, cached entitlement decisions, queued job payloads, and short-lived Xero read result cache entries (no plaintext credentials). | us-east-1 (US) |
| Vercel | Hosting for the Next.js dashboard, the public marketing/legal site, and the MCP runtime (mounted at /api/mcp). | Request metadata and tool call payloads in transit through the runtime. Persistent data is held in Neon, not on Vercel. | iad1 (US East) |
| Stripe | Payment processing, subscription management, metered billing, and the customer billing portal. | Workspace owner name and email, billing address, subscription state, invoice history, card details (held by Stripe). | Global, with EU residency available |
| Sequenzy | Transactional email delivery for sign-in flows, email verification, team invites, billing notifications, and breach notices. | Recipient email address, subject line, and message body of each transactional email. | United States |
| Sentry | Error monitoring for the dashboard and the MCP runtime. | Stack traces and request context tagged with an opaque workspace id only — never email, name, or platform credentials. | US (with optional EU residency) |
| Cloudflare | DNS, edge TLS termination, and DDoS mitigation for shop-mcp.app and mcp.shop-mcp.app. | Connection metadata in transit (IP, TLS handshake, request path). | Global edge |
Source platforms
The following platforms are not subprocessors of ShopMCP — they are the data sources the customer authorises us to read from. They are listed here for transparency:
- Shopify, Maropost (Neto), Google. Source platforms whose APIs ShopMCP reads from on the customer's instructions. The customer is the controller of any data returned by these platforms.
Removed subprocessors
None to date. When we remove a vendor we will keep them on this page for at least 12 months along with the date and reason for removal.