← Back to Trust Centre · Back to McKenzieCMS

Subprocessors Register

McKenzieCMS uses carefully selected third-party providers to deliver hosting, database, authentication, AI, payment and email services. These providers only receive the minimum information necessary to provide their services.

Important: This register is provided for transparency under UK GDPR. It should be reviewed before public launch and updated with your exact account configuration, data region choices, company details and ICO registration number where applicable.

Current Subprocessors

ProviderPurposeData that may be processed
Supabase Backend platform, database, authentication, case data storage, notification records, user profile data and application data. Names, email addresses, user IDs, case records, document metadata, role/permission settings, notification data and audit-related records.
Netlify Website hosting, deployment, static asset delivery, serverless functions and technical platform logs. IP addresses, browser/device information, request logs, deployment logs and technical diagnostics.
OpenAI AI-assisted drafting, case summaries, chronology generation, document review, bundle support and other AI preparation tools. Only information submitted to AI tools by the user, such as selected case text, timelines, summaries, draft statements or document extracts.
Stripe Payment processing, subscription billing, invoices, payment verification and fraud prevention. Name, email address, billing details, transaction records and payment status. McKenzieCMS does not store full card numbers.
Resend Transactional email delivery, including account messages, password/reset emails, notifications and system alerts. Name, email address, message subject, message body and delivery/status logs.

International Transfers

Some subprocessors may operate infrastructure outside the United Kingdom. Where personal data is transferred internationally, appropriate safeguards should be used in accordance with UK GDPR requirements.

AI Processing Notice

AI features should only process information that the user chooses to submit to the AI tool. Sensitive case information should not be used to train external AI models unless the user has clearly consented.

User Rights

Users can read more about how personal data is handled in the Privacy Policy, Data Retention Policy, Security & Backup Policy and AI Use Policy.

Privacy Policy Data Retention Security & Backups AI Use Policy Cookie Policy Trust Centre

Last reviewed: June 2026. Review before publication and update when providers, data regions or processing purposes change.