At Macha, we are transparent about where your data lives and how it moves. We choose secure, privacy-compliant infrastructure to ensure that your data is handled responsibly.
Primary Data Location: Frankfurt, Germany (EU)
Most of your data — including product embeddings, agent responses, macros, and configurations — is stored and processed in Frankfurt, Germany. Our core infrastructure providers located in this region include:
-
Supabase – for vector embeddings and AI-relevant content
-
MongoDB – for dashboard configurations and metadata
-
DigitalOcean – for hosting the Macha application and APIs
Storing data within the EU helps us align with GDPR and European data protection standards.
Third-Country Data Transfers
Some features of Macha (e.g., AI generation) require data to be processed by third-country providers like OpenAI (United States). In these cases, we ensure legal compliance by using:
-
Standard Contractual Clauses (SCCs) – as approved by the European Commission
-
EU-U.S. Data Privacy Framework, where applicable
These safeguards ensure that even when data temporarily leaves the EU, your privacy rights remain protected.
Sub-Processors and Their Roles
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Data embeddings | Frankfurt, Germany |
| MongoDB | Config & metadata storage | Frankfurt, Germany |
| DigitalOcean | App hosting | Frankfurt, Germany |
| OpenAI | Generative AI processing | United States |
| Stripe | Billing and subscription data | APAC |
Each vendor is bound by strict Data Processing Agreements (DPAs) and undergoes security vetting before integration.
How We Handle International Transfers
When your data must cross borders, we ensure:
-
Transfers are limited to what’s necessary
-
All processors are contractually bound to strong privacy obligations
-
Encryption and access control continue to apply across all regions
Questions?
If you need more technical detail or our full list of sub-processors, reach out to us at support@getmacha.com.