Subprocessors
Vendors that process customer data on our behalf to deliver MARGN.PLUS.
Last updated: 2026-05-06
How we choose vendors
Every vendor on this list is contractually bound by a Data Processing Agreement (DPA), holds at minimum a SOC 2 Type II certification (or equivalent), and is restricted to the specific data and purpose listed below. Vendors are not permitted to use customer data for advertising, profiling, or AI model training.
We add vendors when their function is essential to delivering the product, and we remove them when a better, safer, or simpler option becomes available. Material changes to this list are announced in the next monthly Drop email and through our Privacy Policy.
| Vendor | Purpose | Data shared | Location | Compliance |
|---|---|---|---|---|
|
WP Engine DPA / privacy policy |
Application hosting (web server, database, file storage, daily backups, CDN). | All customer data uploaded to MARGN.PLUS, encrypted at rest. Not used for anything besides serving our application. | United States (US-East) | SOC 2 Type II |
|
Anthropic (Claude API) DPA / privacy policy |
AI-generated insights and CSV failure diagnostics. | Aggregate metrics and pseudonymized buyer references (e.g., "buyer_a") sent per request. Real buyer @handles never leave our servers; they are substituted into the rendered insight client-side after Claude responds. | United States | SOC 2 Type II · API data not used for model training |
|
Stripe DPA / privacy policy |
Subscription billing, payment processing, invoice retrieval. | Account email, plan tier, payment method tokens. Card numbers are entered directly into Stripe Elements and never touch our servers. | United States | PCI-DSS Level 1 · SOC 2 Type II |
|
Google Workspace DPA / privacy policy |
Outbound email (account verification, password resets, weekly digests, admin alerts). | Recipient email address, message body. We do not store the message contents after sending. | United States | ISO 27001 · SOC 1/2/3 |
What we never share
- We do not sell, rent, or license personally identifiable customer data. Aggregated, anonymized data may be used for industry benchmark features.
- We do not share buyer-level transaction data with marketing platforms, ad networks, or data brokers.
- We do not feed your CSV uploads into AI model training, ours or anyone else’s.
- We do not retain Stripe card numbers, only the tokenized payment method Stripe returns.
Questions about a specific vendor or their handling of your data? privacy@margn.plus
See also our Privacy Policy and Terms of Service.