Table of contents
Subprocessors
Last updated February 10, 2026
This page lists the third-party subprocessors that GrowPanel engages to process personal data on behalf of our customers, in accordance with our Data Processing Agreement (DPA) and Privacy Policy.
We will update this page whenever a subprocessor is added or removed. If you have questions, contact us at [email protected].
1. Infrastructure
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| Cloudflare | Application hosting (Workers, Queues, Durable Objects, KV), CDN, DDoS protection | All service data in transit and at rest | Global (edge network) |
| Supabase | PostgreSQL database for account configuration, user accounts, and settings | Account data, user profiles, data source configuration | EU (Frankfurt) |
| Leaseweb | Dedicated ClickHouse cluster for analytics data (customers, MRR movements, transactions) | Customer billing data, MRR movements, transactions, plans | Netherlands |
2. Email and communications
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| SendGrid (Twilio) | Transactional email delivery for reports, notifications, and system emails | Email addresses, report content, notification content | US |
| MailerLite | Marketing email campaigns and drip sequences | Email addresses, account plan status | EU (Lithuania) |
| HelpScout | Customer support chat and help desk | Email addresses, support conversations | US |
3. Billing integrations
These subprocessors are only engaged when the customer connects the respective billing source. GrowPanel reads data from these platforms but does not write customer data back to them.
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| Stripe | Billing data source (OAuth integration) | Customer names, emails, subscription data, invoices, charges | US |
| Chargebee | Billing data source (API integration) | Customer names, emails, subscription data, invoices | US |
| Recurly | Billing data source (API integration) | Customer names, emails, subscription data, invoices | US |
| Google Sheets | Data source for manual/custom data import | Customer data as provided by the user | US |
4. AI and analytics
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| Anthropic | Conversational analytics (Claude Sonnet 4.6) and chat title generation (Claude Haiku 4.5) | Aggregated metrics only (MRR, subscriber counts, movement summaries). No personally identifiable information is sent. | US |
| OpenAI | AI-generated email report summaries and plan-group suggestions (GPT-5-mini) | Aggregated metrics only (MRR, subscriber counts, movement summaries). No personally identifiable information is sent. | US |
5. Authentication providers
These are used only when the user chooses to log in via a third-party provider.
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| OAuth login (Google Sign-In) | Email address, name | US | |
| Microsoft | OAuth login (Microsoft Sign-In) | Email address, name | US |
6. Analytics and product improvement
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| PostHog | Product analytics and feature usage tracking | Anonymized usage events, page views | EU (Frankfurt) |
| Mouseflow | Session recording for UX improvement | Session recordings, anonymized interaction data | EU (Denmark) |
User-initiated AI integrations (NOT GrowPanel subprocessors)
GrowPanel offers an MCP server at mcp.growpanel.io that lets users connect external AI assistants (e.g. Claude.ai, ChatGPT, Cursor, Windsurf) to their GrowPanel account via OAuth.
These AI providers are not GrowPanel subprocessors. When a user authorizes an external AI assistant via the MCP server, the user is the controller of that data flow: they choose the AI provider, accept the AI provider's own privacy and data-handling terms, and decide what data gets queried. GrowPanel acts only as the API relay between the user's chosen AI assistant and the GrowPanel REST API.
The data that flows when an MCP connection is active depends on what the AI assistant requests, but can include any field exposed by the GrowPanel REST API — including customer names, email addresses, subscription details, and payment metadata. We do not redact PII on this path; the user has explicitly granted the AI access on their own behalf.
Connections can be reviewed and revoked at any time from Settings → Integrations. For full details see Privacy Policy § 3.2.6.
See also: Privacy Policy | Data Processing Agreement | Security
