Legal

Sub-processors

Effective May 20, 2026

Crescence relies on the third-party services below to operate the marketplace. Each provider is contractually bound (via a Data Processing Addendum) to process personal information only on Crescence's instructions and to apply security controls equivalent to ours. This page is kept current; material changes are notified to your account email at least 30 days in advance.

SupabaseView DPA

United StatesPostgres database, file storage, authentication, real-time channels.

VercelView DPA

United StatesApplication hosting and edge function execution.

CloudflareView DPA

United StatesDNS, CDN, Turnstile CAPTCHA.

AnthropicView DPA

United StatesLLM provider for the Maia AI assistant.

StripeView DPA

United StatesPayments, Stripe Connect payouts, Stripe Tax, dispute handling.

ResolveView DPA

United StatesBuy-now-pay-later checkout for Buyers (optional rail).

ResendView DPA

United StatesTransactional email delivery, bounce + complaint tracking.

PlainView DPA

United StatesCustomer support inbox and chat widget.

PostHogView DPA

United StatesProduct analytics and A/B experiment variant assignment. Opt-in via cookie banner; off when GPC set.

SentryView DPA

United StatesError tracking and source-map symbolication.

BetterStackView DPA

United StatesUptime monitoring, status page, on-call rotation.

Google LLCView DPA

United StatesGoogle Calendar OAuth integration. Receives an OAuth authorization code and issues access and refresh tokens scoped to the user's Google Calendar. Token data is stored encrypted per integration row. No calendar event body or attendee data is read by Crescence at this time. Data residency follows Google Workspace tenant configuration.

Slack Technologies, LLCView DPA

United StatesSlack OAuth integration. Receives an OAuth authorization code and issues a workspace-scoped access token. Token data is stored encrypted per integration row. Crescence uses the token solely to post order-event notifications to a workspace channel nominated by the brand. No message history or member data is read by Crescence.

SmartyView DPA

United StatesUS postal address validation and normalization. Receives the shipping address of an office account at the point of address entry. No name or account identifier is transmitted; only the raw address string. US data residency.

Microsoft (Microsoft 365)View DPA

United StatesMicrosoft Teams and Outlook Calendar OAuth integration. Receives an OAuth authorization code and issues access + refresh tokens scoped to the user's Microsoft 365 tenant. Token data is stored encrypted per integration row. No message content or calendar event body is read by Crescence at this time. US data residency where the tenant is US-hosted.

QuickBooks Online (Intuit)View DPA

United StatesAccounting integration for brands. Receives invoice metadata (invoice ID, line items, totals, order reference) to push Crescence invoices into the brand's QuickBooks Online account. No office or buyer PII is transmitted to Intuit.

XeroView DPA

New Zealand (US data region available)Accounting integration for brands. Receives invoice metadata (invoice ID, line items, totals, order reference) to push Crescence invoices into the brand's Xero account. No office or buyer PII is transmitted to Xero.

ShipStationView DPA

United StatesShipping label generation and carrier rate shopping. Receives the shipment destination address and package dimensions for a fulfilled order. The label URL and void status are stored on the shipment row. Carrier tracking numbers are surfaced to the buyer.

Have I Been Pwned (HIBP)View DPA

AustraliaBreached-password detection at account creation and password change. Only the first 5 characters of a SHA-1 hash of the candidate password are transmitted (k-anonymity prefix API). No plaintext password, no email address, and no account identifier leaves Crescence servers.

Provider	Country	Function	DPA
Supabase	United States	Postgres database, file storage, authentication, real-time channels.	View
Vercel	United States	Application hosting and edge function execution.	View
Cloudflare	United States	DNS, CDN, Turnstile CAPTCHA.	View
Anthropic	United States	LLM provider for the Maia AI assistant.	View
Stripe	United States	Payments, Stripe Connect payouts, Stripe Tax, dispute handling.	View
Resolve	United States	Buy-now-pay-later checkout for Buyers (optional rail).	View
Resend	United States	Transactional email delivery, bounce + complaint tracking.	View
Plain	United States	Customer support inbox and chat widget.	View
PostHog	United States	Product analytics and A/B experiment variant assignment. Opt-in via cookie banner; off when GPC set.	View
Sentry	United States	Error tracking and source-map symbolication.	View
BetterStack	United States	Uptime monitoring, status page, on-call rotation.	View
Google LLC	United States	Google Calendar OAuth integration. Receives an OAuth authorization code and issues access and refresh tokens scoped to the user's Google Calendar. Token data is stored encrypted per integration row. No calendar event body or attendee data is read by Crescence at this time. Data residency follows Google Workspace tenant configuration.	View
Slack Technologies, LLC	United States	Slack OAuth integration. Receives an OAuth authorization code and issues a workspace-scoped access token. Token data is stored encrypted per integration row. Crescence uses the token solely to post order-event notifications to a workspace channel nominated by the brand. No message history or member data is read by Crescence.	View
Smarty	United States	US postal address validation and normalization. Receives the shipping address of an office account at the point of address entry. No name or account identifier is transmitted; only the raw address string. US data residency.	View
Microsoft (Microsoft 365)	United States	Microsoft Teams and Outlook Calendar OAuth integration. Receives an OAuth authorization code and issues access + refresh tokens scoped to the user's Microsoft 365 tenant. Token data is stored encrypted per integration row. No message content or calendar event body is read by Crescence at this time. US data residency where the tenant is US-hosted.	View
QuickBooks Online (Intuit)	United States	Accounting integration for brands. Receives invoice metadata (invoice ID, line items, totals, order reference) to push Crescence invoices into the brand's QuickBooks Online account. No office or buyer PII is transmitted to Intuit.	View
Xero	New Zealand (US data region available)	Accounting integration for brands. Receives invoice metadata (invoice ID, line items, totals, order reference) to push Crescence invoices into the brand's Xero account. No office or buyer PII is transmitted to Xero.	View
ShipStation	United States	Shipping label generation and carrier rate shopping. Receives the shipment destination address and package dimensions for a fulfilled order. The label URL and void status are stored on the shipment row. Carrier tracking numbers are surfaced to the buyer.	View
Have I Been Pwned (HIBP)	Australia	Breached-password detection at account creation and password change. Only the first 5 characters of a SHA-1 hash of the candidate password are transmitted (k-anonymity prefix API). No plaintext password, no email address, and no account identifier leaves Crescence servers.	View

Why this list matters

If you have a privacy concern that involves one of the providers above - for example, you want your Sentry-captured error data deleted - email privacy@crescence.co and we coordinate the request on your behalf.

← Back to home