Third parties
Technical subprocessors
This is the intended private-beta provider boundary. The customer-specific signed DPA must name the actual configured providers, regions, runner host, and transfer safeguards before a portal is connected.
Last updated 18 July 2026 · private beta
Provider inventory
| Provider | Purpose | Location / transfer |
|---|---|---|
| Supabase | Database and authentication | Frankfurt, EU |
| Vercel | Application and API compute | Frankfurt, EU; verify deployment |
| Inngest | Background orchestration | EU environment |
| Scaleway | Independent encrypted dumps | Paris, EU |
| Sentry | Scrubbed error monitoring | EU region |
| PostHog | Placeholder-only aggregate pageviews | EU Cloud |
| Plausible | Cookie-free aggregate pageviews | EU Cloud |
| Resend | Operational email | Ireland dispatch; metadata may be stored in the US |
| GitHub | Source, Actions control plane, and environment-secret delivery | Global control plane / potential US transfer; customer dumps use separate ephemeral EU compute |
Payload limits
CRM property values are not intentionally sent to notification email, analytics, or GitHub-hosted compute. Sentry and analytics are scrubbed and limited as described in the signed security schedule. GitHub and the dedicated backup runner still form a credential/live-database trust boundary; workflow and environment changes require controlled review.
Changes
Private-beta subprocessor changes are communicated under the signed DPA. Questions or objections can be sent to hello@restor.eu.