Legal

Subprocessors

Below is the list of third-party providers we use to deliver Mackro. We have a Data Processing Agreement (or equivalent) in place with each. International transfers rely on the UK International Data Transfer Agreement (IDTA) and/or the EU Standard Contractual Clauses. The canonical version of this list also appears in our Privacy Policy.

Supabase

Purpose: Database, authentication, file storage
Data: All account, profile, log, message, photo data
Location: EU (Ireland)

Stripe

Purpose: Payment processing for coaches
Data: Billing email, name, payment card (held by Stripe, not us)
Location: UK + US

Apple App Store / Google Play

Purpose: In-app purchases for client Premium
Data: Apple ID / Google Account email, payment
Location: Apple/Google global

RevenueCat

Purpose: IAP entitlement management
Data: Anonymous app user ID, entitlement status
Location: US

Google Gemini API

Purpose: AI photo recognition
Data: Meal photos, account ID (not email)
Location: Google global

Sentry

Purpose: Error and crash logging
Data: Technical context (no PII)
Location: EU (Frankfurt)

PostHog

Purpose: Product analytics
Data: Anonymous user ID, feature usage
Location: EU (Frankfurt)

Resend

Purpose: Transactional emails
Data: Email address, message content
Location: US

Vercel

Purpose: Marketing site hosting
Data: Site visit metadata only (not app data)
Location: US

Cloudflare

Purpose: DNS and edge security for marketing site
Data: Standard HTTP request metadata
Location: Cloudflare global

We give reasonable notice (typically 30 days) before adding a new subprocessor that materially changes how we process your data. To object to any of the above being used to process your data, email privacy@mackro.co.uk (note that objection may make some features unavailable to you).