Sub-processors — Subnotice
Processor: MINISAGE TECH LTD
URL: https://subnotice.com/sub-processors
Version: 1.4 · 5 July 2026 — supersedes v1.3 (4 July 2026)
Notify merchants 30 days before adding a new sub-processor. Update this file and the DPA Annex 2 simultaneously.
Current sub-processors
| Sub-processor | Service | Location | Data processed |
|---|---|---|---|
| Neon Tech Inc. | PostgreSQL database (encrypted at rest) | EU — Frankfurt region | Shopify session data (user ID, name, email, encrypted access token); shop operational record (billing, plan, DPA acceptance, report quota); customer subscription snapshot (name, email, contract reference, product title, renewal date, billing amount/currency) and reminder audit trail; WooCommerce site record (site URL, hashed token, jurisdiction, reply-to email) and reminder audit trail, once the paid Woo tier is released |
| Vercel Inc. | Application + website hosting, serverless functions (compute, TLS termination) | US (region per project config) | Same as database, in transit; policy text submitted to the audit API (processed in memory, not stored); standard platform HTTP request logs (IP, path, timestamp) |
| Resend Inc. | Transactional reminder email delivery, delivery/open-event webhooks | US | Customer name, email address, reminder email content (sent at dispatch time, not persisted by Resend); delivery/bounce/open events |
| Shopify Inc. | Platform OAuth, API, webhooks, App billing | Canada / global | Merchant staff session via OAuth; Shopify acts as independent controller for its own platform data |
| Freemius Inc. | WooCommerce plugin licensing/billing (paid "Compliance Complete" tier only, not yet released for purchase) | US | Merchant site URL, hashed API token, declared jurisdiction, reply-to email (once released) |
Removed / never used
| Sub-processor | Reason |
|---|---|
| Fly.io | Not selected |
| Supabase Inc. | Not selected; using Neon instead |
| Render Services Inc. | Listed in v1.1 in error / superseded — hosting is Vercel; never processed production data |
Change log
| Date | Change |
|---|---|
| 2026-05-19 | Initial skeleton v1.0 |
| 2026-05-26 | v1.1 — filled in MINISAGE TECH LTD; confirmed Neon EU + Render US; removed unused Fly/Supabase; moved Resend to planned |
| 2026-07-02 | v1.2 — corrected hosting: Render → Vercel Inc. (actual host of app.subnotice.com, subnotice.com, and the /api/audit endpoint); added policy-text-in-transit + platform request logs to Vercel data column (checker/Woo plugin flows). 0 live merchants at time of change — no 30-day notice cycle triggered |
| 2026-07-04 | v1.3 — Resend Inc. moved from "planned" to current/active (reminder-email + delivery/open-tracking features shipped and live); this file was stale relative to Privacy Policy v1.2 §4 and DPA v1.1 Annex 2, which already listed Resend as current. 0 live merchants at time of change — no 30-day notice cycle triggered |
| 2026-07-05 | v1.4 — added Freemius Inc. (WooCommerce paid-tier licensing/billing, not yet released for purchase — added now so this file and DPA Annex 2 aren't stale relative to Privacy Policy v1.4 the moment it published); corrected Neon's data column to include the customer subscription snapshot and WooCommerce site record (both were already disclosed in Privacy Policy/DPA but missing here); corrected stale "read live, not persisted" framing on Resend's row (customer data is persisted upstream in Neon; Resend itself still doesn't persist it, wording just clarified). 0 live merchants at time of change — no 30-day notice cycle triggered |