Legal
Sub-processors
Last updated June 3, 2026
Per GDPR Article 28 and our standard DPA terms, this page lists the third-party services Tapgift relies on to operate the gifting flow. Each sub-processor receives only the minimum data required for its purpose. We notify merchants 30 days before adding a new sub-processor that materially affects how their data is handled.
| Sub-processor | Purpose | Jurisdiction |
|---|---|---|
| Shopify | App platform, OAuth, order data, billing, GDPR webhook delivery, sandboxed access to merchant orders and fulfillment. Data shared: Shop domain, merchant access token, order metadata, recipient shipping address (written back to the order after claim). | Canada (Shopify HQ); US / EU regional data residency depending on the shop. |
| Resend | Outbound transactional email: gift notifications and reminders to recipients, order/acceptance updates to senders, and billing-cap alerts to merchants. Data shared: Recipient / sender email address, message subject + body (includes the claim link). | United States (Resend Inc, San Francisco). |
| Google (Places API New) | Address autocomplete on the recipient claim page — converts a typed string into a structured shipping address. Data shared: Typed search query, browser IP, selected place ID. We never send the recipient name or phone to Google. | United States (Google LLC, Mountain View). |
| Supabase | Managed PostgreSQL database (Tapgift application data). Data shared: Encrypted-at-rest copy of all Tapgift application data — sender / recipient / gift / claim / event / merchant rows. | United States; EU data residency available on request. |
| Vercel | Hosting + serverless function execution + edge CDN for tapgift.app. Data shared: HTTP request metadata, application logs, environment variables (secrets). No persistent customer PII storage. | United States (Vercel Inc, San Francisco). |
| Cloudflare | DNS for tapgift.app, DDoS mitigation, edge routing. Data shared: DNS queries, HTTP request metadata at the edge. | United States (Cloudflare Inc, San Francisco). |
| Sentry | Error monitoring (server + client). Session replays are masked (text, inputs, media) and only retained for diagnostic purposes. Data shared: Stack traces, HTTP request paths (PII scrubbed via beforeSend hook), browser metadata. No raw PII reaches Sentry. | United States (Functional Software Inc, San Francisco). |
Cross-border transfers. Where personal data is transferred outside the EEA or UK, we rely on the EU Standard Contractual Clauses (SCCs) signed with each sub-processor above.
DPA requests. To execute a Data Processing Agreement, email privacy@tapgift.app.