Trust Center
Welcome to MacStadium's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
If you need to request that our GRC team complete a custom questionnaire or online assessment as part of your vendor evaluation process, please submit the document or URL through this trust center after requesting portal access above and then create security@macstadium.com as the user account in your vendor platform. Please be advised that email requests will not be fulfilled without a registered account and submission of your request through the trust center portal.
Pandora
Sauce Labs
Dropbox
Shopify
Delta Air Lines
Capital One
AppDynamics
Nubank
J.P. Morgan & Co.
Johnson & Johnson
Accenture
GitLab
Bitrise
Homebrew
Box
Thumbtack
iFood
Slack
Wix.com
Jamf
Swift App School
Glovo
Sub-processor addition notification: Zapier, Inc.
MacStadium is committed to protecting the security and privacy of the personal data you entrust with us. To continue delivering the highest quality of service, we periodically update the third-party vendors and service providers ("sub-processors") that assist us in providing MacStadium services. These sub-processors help us to deliver product features, improve customer support, maintain critical infrastructure, and enhance service reliability.
In accordance with our contractual obligations, this notice is to inform you of the addition of the following subprocessor, with the intent to commence on July 5th, 2025:
Sub-processor: Zapier, Inc.
Headquarters Location: United States
Location of hosting: United States
Service Provided: Workflow integration for customer support case management systems
Data Handled: Customer support ticket information, including contact information and customer content processed as part of troubleshooting issues.
As the leader in workflow automation, Zapier empowers businesses to automate workflows and securely move data across applications. Zapier, Inc. adheres to industry-standard security and data privacy practices. MacStadium has implemented appropriate data processing agreements and safeguards to protect your data while it is stored or processed by Zapier, Inc. More information on Zapier's security practices can be found at https://trust.zapier.com
Effective Date: July 05, 2025 Reason for Use: MacStadium Technical Support is implementing Zapier for managing customer inquiries and support requests between our Jira and ZenDesk service platforms.
What You Need to Do
No action is required on your part if you agree to these updates. However, if you wish to object to our use of this new MacStadium sub-processor for reasons related to data protection, please send an email to privacy@macstadium.com within thirty (30) days of this notification with both:
- The subject “Sub-processor Objection”, and
- The grounds for the objection.
Please note that MacStadium has undertaken appropriate due diligence to ensure any requirements of MacStadium as it relates to its use of subprocessors has been considered and satisfied. Please also note that this subprocessor update does not result in any changes to the personal data types or categories referenced in any applicable Data Processing Agreement (DPA) or similar such agreement between you and MacStadium.
Additionally, the following list of former subprocessor vendors are no longer being utilized by MacStadium and have been removed from service:
- Stitch Data
- Referral Rock
- UserGems
- Firebase
- Mailgun
- PlanetScale
Appropriate measures have been taken to delete all personal information that was previously processed or stored by these vendors in accordance with our contractual obligations.
You may view the full list of MacStadium’s subprocessors in the MacStadium Trust Center by visiting https://trust.macstadium.com/
Thank you for trusting MacStadium to manage your data with the highest standards of security and compliance.
The MacStadium Privacy Team
privacy@macstadium.com
MacStadium ISO 27001 and SOC 2 Type II Reports Now Available
Hello, MacStadium customers, MacStadium's annual ISO 27001/27017/27018 and SOC 2 Type II reports for the 12-month period ending on November 30th, 2024, are now available. All MacStadium customers are welcome to obtain a copy of the report for review via our Trust Center. Please reach out to security@macstadium.com if you have any questions.
Best Regards,
The MacStadium Security & Compliance Team
MacStadium 2024 Annual Penetration Testing
MacStadium's 2024 annual penetration testing engagement performed by Converge Technology Solutions (https://convergetp.com/cybersecurity/) has been completed and all reports are now available for review and download in the trust center .
Notice of Updates to the MacStadium Privacy Policy and Sub-processor Listing
At MacStadium, we are committed to security, privacy, and transparency. We are writing to notify you that we have updated our Privacy Policy in accordance with the latest EU-US Data Privacy Framework provisions. As such, we encourage you to take a moment to review the updated policy.
These updates will take effect on October 1st, 2024. By using our services on or after that date, you’ll be agreeing to these revisions. You should take the time to read the policy in full, but the key updates include: • Compliance with the UK Extension to the EU-U.S. Data Privacy Framework principles for UK data subjects
Remember, you can use the controls we have described in the updated policy to limit the information we collect about you or how we use it.
Please note that we have also updated the list of MacStadium Sub-Processor Vendors that we use in the marketing, delivery and support of services to our customers. We perform reviews of the data privacy contractual commitments and security controls implemented by each of these vendors on a regular basis to ensure that the same commitments we make to you are maintained by our suppliers.
Updates to the sub-processor listing include: • The addition of ZenDesk as a new sub-processor used for the purpose of customer service & support • The addition of ProductBoard as a new sub-processor used for the purpose of product management customer engagement
If you have any questions or concerns, please contact us at privacy@macstadium.com.
Thank you,
MacStadium Data Privacy Team
Security & Compliance is a Shared Responsibility
MacStadium security & compliance Shared Responsibility Models are now available for download in the trust center documents listing.
Security and Compliance is a shared responsibility between MacStadium and the customer. This shared responsibility model can help relieve the customer’s operational burden as MacStadium manages security controls for the infrastructure supporting your dedicated cloud environment down to the physical security of the facilities in which the service operates.
The customer assumes responsibility and management of the infrastructure software and data within their dedicated private cloud environment (including updates and security patches), other associated application software as well as the management of the MacStadium provided firewall at the time of service handoff. Customers should carefully consider the services they choose as their responsibilities vary depending on the product technologies and services used, the integration of those services into their IT environment, and applicable laws and regulations. The nature of this shared responsibility is intended to provide flexibility and customer control.
Please refer to MacStadium's Consensus Assessment Initiative Questionnaire (CAIQ) for additional detailed information regarding customer, MacStadium, and 3rd party responsibilities.