Tierlane Sub-processor List

Effective Date: 2026-06-01
Last Updated: 2026-06-01
Version: 1.0


About This List

This page lists the third parties that Tierlane currently engages to help us deliver the Service (each, a "Sub-processor"). It is published in compliance with Article 28(4) of the EU and UK GDPR, California Consumer Privacy Act §1798.140(ag) (service-provider disclosure), Quebec Law 25 (disclosure of transfers outside Quebec), the LGPD (international transfer disclosure), and Tierlane's Data Processing Agreement (DPA) at tierlane.app/legal/dpa.

This list is incorporated by reference into Tierlane's Privacy Policy (tierlane.app/legal/privacy), Terms of Service (tierlane.app/legal/terms), and DPA.

For definitions of "Service", "Merchant", "Buyer", "Customer Data", "Buyer PII", and "Sub-processor", see Section 2 of the Terms of Service.


Notification of Changes

Tierlane will notify Merchants by email at least 15 days before adding a new Sub-processor that processes Personal Data, and will update this page on the same schedule. Each entry below shows the date on which the Sub-processor was added to this list.

Merchants may object to a new Sub-processor during the notification period by emailing legal@tierlane.app. If a reasonable objection cannot be resolved within 30 days, the Merchant may terminate the portion of the Service affected by the new Sub-processor, with a pro-rated refund for any pre-paid Fees relating to that portion.

A complete change history is maintained at the bottom of this page (Section 4).


1. Active Sub-processors

The following Sub-processors are active as of the effective date.

| Sub-processor | Purpose / Category | Data Processed | Processing Location | DPA / Privacy Reference | In Use Since |
|---|---|---|---|---|---|
| Shopify Inc. | App platform, OAuth, Billing API, draft-order creation, catalog read, mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact) | Merchant account identifiers, Shopify shop ID, billing records, draft order content, catalog metadata | Canada (primary), United States, European Union (regional Shopify infrastructure) | shopify.com/legal/dpa | 2026-06-01 |
| Anthropic, PBC | AI parsing (LLM API) — converting Buyer email text and attachment text into structured draft orders | Email subject and body, extracted attachment text, Buyer PII embedded in those (name, email, phone, address, order content). 7-day input/output retention; no training on inputs. | United States (with EU SCCs) | privacy.claude.com — Anthropic DPA | 2026-06-01 |
| Google LLC (Gmail OAuth) | Read-only access to Merchant-connected Gmail inboxes; OAuth credential service | Email envelope and content from connected mailboxes; OAuth tokens; user identifier | United States (Google global infrastructure) | policies.google.com/privacy; Google Workspace DPA | 2026-06-01 |
| Microsoft Corporation (Outlook / Microsoft 365 OAuth) | Read-only access to Merchant-connected Outlook / M365 inboxes; OAuth credential service | Email envelope and content from connected mailboxes; OAuth tokens; user identifier | United States, European Union (Microsoft regional infrastructure) | microsoft.com/en/trust-center; Microsoft Products and Services DPA | 2026-06-01 |
| Microsoft Corporation (Microsoft 365 — Tierlane's business email) | Tierlane's own business email (support@, privacy@, legal@, security@). Used to communicate with Merchants and to receive privacy and legal correspondence. | Email content received and sent from Tierlane staff inboxes; sender and recipient addresses | United States, Canada (Microsoft regional infrastructure for Canadian tenants) | microsoft.com/en/trust-center | 2026-06-01 |
| Intuit Inc. (QuickBooks Online) — optional | Optional accounting sync (Merchant-enabled): forwarding completed Shopify orders/invoices to QuickBooks | Invoice and customer data for orders the Merchant elects to sync | United States | intuit.com/privacy; Intuit DPA | 2026-06-01 |
| Xero Limited — optional | Optional accounting sync (Merchant-enabled): forwarding completed Shopify orders/invoices to Xero | Invoice and customer data for orders the Merchant elects to sync | United States, Australia | xero.com/about/terms/privacy; Xero DPA | 2026-06-01 |
| Vercel Inc. | Application hosting and serverless compute (the web app, embedded admin app, and worker functions) | Application requests, PII-scrubbed logs, request metadata, edge logs | United States (primary). Vercel edge nodes worldwide. | vercel.com/legal/dpa | 2026-06-01 |
| Supabase Inc. | Primary database (PostgreSQL), object storage, authentication store, and short-term parsed-content storage | All Tierlane application data: Merchant account, settings, OAuth tokens (encrypted), draft orders, parsed Buyer content (90-day retention), audit logs | United States — us-east-1 region (current). EU region available on request for enterprise Merchants. | supabase.com/legal/dpa | 2026-06-01 |
| Resend Inc. | Transactional email delivery (welcome, billing receipts, parsing notifications, security alerts, opt-in product updates) | Recipient email address, email subject, email body, sender metadata, delivery status | United States (with EU SCCs) | resend.com/legal/dpa | 2026-06-01 |
| Functional Software, Inc. (Sentry) | Error monitoring and crash reporting | Application error events with PII scrubbed via Tierlane configuration; user identifier limited to pseudonymous shop_id where logged | United States. EU data residency available on Sentry Business plan. | sentry.io/legal/dpa | 2026-06-01 |
| PostHog Inc. (self-hosted, EU region) | Product analytics — pseudonymous, IP-discarded event analytics for the embedded admin app and marketing site | Pseudonymous event data identified only by Shopify shop_id; no Buyer PII is sent to analytics; IP addresses discarded at ingestion | European Union (self-hosted instance operated by Tierlane on EU cloud infrastructure) | posthog.com/privacy; self-hosted, no third-party DPA required for the PostHog software itself; underlying cloud DPA applies | 2026-06-01 |
| Cloudflare, Inc. | DNS, CDN, WAF, DDoS protection, and Cloudflare Email Workers (inbound email envelope routing) | Edge request metadata, inbound email envelope (sender, recipient, MIME envelope), short-lived cache | United States — Cloudflare global edge network | cloudflare.com/cloudflare-customer-dpa/ | 2026-06-01 |

Optional Sub-processors

Sub-processors marked "optional" only process data if the Merchant has explicitly enabled the relevant integration (e.g., turning on the QuickBooks or Xero sync). If a Merchant does not enable an optional integration, no data is sent to that Sub-processor.


2. How Tierlane Selects and Manages Sub-processors

Before engaging a Sub-processor, Tierlane:

  • Reviews the Sub-processor's published security and privacy posture (encryption in transit and at rest, access controls, certifications such as SOC 2 / ISO 27001 / ISO 27701, EU-US Data Privacy Framework certification where available, GDPR compliance materials, and breach history).
  • Executes a written Data Processing Agreement that imposes obligations no less protective than those in our DPA with Merchants, including Article 28(3) GDPR / Article 28(3) UK GDPR terms, EU Standard Contractual Clauses or the UK IDTA / Addendum for international transfers, CCPA service-provider terms, LGPD international transfer terms, and Brazilian SCCs for transfers from Brazil to the United States.
  • Documents the legal basis for cross-border transfers and, where required by Quebec Law 25 or the GDPR, completes a Privacy Impact Assessment / Transfer Impact Assessment.
  • Reviews the Sub-processor's security and privacy posture periodically (at least annually for vendors processing Buyer PII; on material change otherwise).

Tierlane remains responsible to Merchants for the acts and omissions of its Sub-processors with respect to Personal Data as required by Article 28(4) GDPR.


3. Specific Notes on Selected Sub-processors

3.1 Anthropic, PBC (AI parsing)

  • Anthropic is Tierlane's AI parsing provider. Tierlane uses Anthropic's API and not its consumer products.
  • Anthropic does not train its models on data submitted by API customers.
  • API inputs and outputs are retained by Anthropic for a maximum of 7 days for abuse-monitoring purposes, then deleted, unless the customer has separately requested zero-retention (Tierlane is on the default 7-day retention).
  • Cross-border transfers from the EU/EEA and the UK are covered by the EU Standard Contractual Clauses and UK Addendum / IDTA executed in Anthropic's DPA.
  • For the avoidance of doubt, Tierlane sends Anthropic only what is needed to parse a single email or attachment into a single draft order: the email body and extracted attachment text, plus a prompt that includes the Merchant's catalog snippets.

3.2 Shopify Inc.

  • Shopify is both the platform on which Tierlane runs and the billing operator for Tierlane subscriptions (via the Shopify Billing API). Shopify is also the operator of the mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact).
  • The Merchant's primary relationship is with Shopify, not Tierlane, for the underlying e-commerce platform. Shopify's privacy and security commitments to the Merchant are governed by Shopify's own terms and DPA.

3.3 Supabase Inc.

  • Supabase is Tierlane's primary database and object storage, currently hosted in the us-east-1 region.
  • Where a Merchant has an enterprise requirement for EU data residency, contact legal@tierlane.app — EU region deployment is available subject to a separate addendum.
  • All data at rest is encrypted; backups are encrypted; backups rotate within 35 days.

3.4 PostHog Inc. (self-hosted, EU)

  • Tierlane operates a self-hosted PostHog instance in the European Union. No analytics data is sent to PostHog Inc.'s shared cloud.
  • IP addresses are discarded at ingestion. Person profiles are identified only by Shopify shop_id. Autocapture is disabled on the admin app; only explicit, named events are captured.
  • Event data retention: 90 days.
  • The underlying cloud infrastructure operator (the IaaS vendor on which Tierlane runs the PostHog instance) is also a Sub-processor; that operator is identified to Merchants on request.

3.5 Cloudflare, Inc.

  • Cloudflare provides DNS, CDN, and the Cloudflare Email Workers used to route inbound order emails to the Tierlane parsing pipeline. The Email Worker handles the SMTP envelope and a short-lived buffer of the inbound message; it does not retain the message body beyond the request.

3.6 Sentry (Functional Software, Inc.)

  • Sentry receives PII-scrubbed error events. Tierlane configures Sentry with sendDefaultPii: false, server-side scrubbing for buyer email/phone/name patterns, and ignoreErrors rules for known PII-containing error categories.
  • Sentry retention: 90 days.

3.7 Microsoft 365 (Tierlane's business email)

  • Tierlane's staff inboxes (support@, privacy@, legal@, security@) are hosted on Microsoft 365.
  • Personal information you send Tierlane by email — for example, a privacy request or a support enquiry — is processed and stored in this environment. We aim to limit the personal information you send us by email to what is necessary to address your request.

4. Change History

A record of changes to the Sub-processor list is maintained here so that Merchants can verify when each Sub-processor was added, modified, or removed.

| Date | Change | Notes |
|---|---|---|
| 2026-06-01 | Initial publication of Sub-processor list | All entries above added on initial publication. |

When a new Sub-processor is added, this table will be updated and Merchants will receive at least 15 days' prior notice by email.


5. Questions and Contact

For questions about this Sub-processor list, to object to a proposed new Sub-processor, to request an EU data-residency deployment, or to receive a copy of a Sub-processor's executed DPA or SCCs (subject to redaction of commercially sensitive terms):

  • Privacy inquiries: privacy@tierlane.app
  • Legal inquiries: legal@tierlane.app
  • Security incidents: security@tierlane.app
  • General contact: support@tierlane.app