Legal

Sub-processors

Last updated June 3, 2026

Per GDPR Article 28 and our standard DPA terms, this page lists the third-party services Tapgift relies on to operate the gifting flow. Each sub-processor receives only the minimum data required for its purpose. We notify merchants 30 days before adding a new sub-processor that materially affects how their data is handled.

Sub-processorPurposeJurisdiction
Shopify
App platform, OAuth, order data, billing, GDPR webhook delivery, sandboxed access to merchant orders and fulfillment.
Data shared: Shop domain, merchant access token, order metadata, recipient shipping address (written back to the order after claim).
Canada (Shopify HQ); US / EU regional data residency depending on the shop.
Resend
Outbound transactional email: gift notifications and reminders to recipients, order/acceptance updates to senders, and billing-cap alerts to merchants.
Data shared: Recipient / sender email address, message subject + body (includes the claim link).
United States (Resend Inc, San Francisco).
Google (Places API New)
Address autocomplete on the recipient claim page — converts a typed string into a structured shipping address.
Data shared: Typed search query, browser IP, selected place ID. We never send the recipient name or phone to Google.
United States (Google LLC, Mountain View).
Supabase
Managed PostgreSQL database (Tapgift application data).
Data shared: Encrypted-at-rest copy of all Tapgift application data — sender / recipient / gift / claim / event / merchant rows.
United States; EU data residency available on request.
Vercel
Hosting + serverless function execution + edge CDN for tapgift.app.
Data shared: HTTP request metadata, application logs, environment variables (secrets). No persistent customer PII storage.
United States (Vercel Inc, San Francisco).
Cloudflare
DNS for tapgift.app, DDoS mitigation, edge routing.
Data shared: DNS queries, HTTP request metadata at the edge.
United States (Cloudflare Inc, San Francisco).
Sentry
Error monitoring (server + client). Session replays are masked (text, inputs, media) and only retained for diagnostic purposes.
Data shared: Stack traces, HTTP request paths (PII scrubbed via beforeSend hook), browser metadata. No raw PII reaches Sentry.
United States (Functional Software Inc, San Francisco).

Cross-border transfers. Where personal data is transferred outside the EEA or UK, we rely on the EU Standard Contractual Clauses (SCCs) signed with each sub-processor above.

DPA requests. To execute a Data Processing Agreement, email privacy@tapgift.app.