Last updated June 3, 2026
This page lists third parties involved in delivering CheckInOS services. The Added column shows when a vendor was first engaged for the listed role. Status shows whether the vendor is currently used for that role. Material changes are reflected by updating this page and the date above. Material changes are also notified by email or in-product notice to organizers where practicable. Organizers may object to new subprocessors as described in our Data Processing Agreement.
| Vendor | Role | Service function | Data categories | Region / transfers | Safeguards | Added | Status |
|---|---|---|---|---|---|---|---|
| Cloudflare (Workers / R2) | Subprocessor | Application hosting, edge delivery, incremental cache storage | Request metadata, operational logs, cached application artifacts | EU deployment where configured; global edge network may process metadata | Contractual transfer safeguards where required | 2024-06-01 | Active |
| Supabase (PostgreSQL) | Subprocessor | Primary application database | Account, organization, event, attendee, ticketing, check-in, billing references | EU project region; limited operational access may involve transfers | Contractual transfer safeguards where required | 2024-06-01 | Active |
| Upstash (Redis) | Subprocessor | Short-lived cache and OAuth/API token state | Temporary tokens, session-related cache values | EU region where configured | Contractual transfer safeguards where required | 2024-09-01 | Active |
| Resend | Subprocessor | Transactional email (tickets, OTP, invitations, support) | Email addresses, message content, attachments | EU-oriented configuration; provider operations may involve transfers | Contractual transfer safeguards where required | 2024-06-01 | Active |
| Stripe | Subprocessor / independent controller (payments) | Platform subscriptions, Stripe Connect ticketing payouts, webhooks | Payment identifiers, checkout metadata, connected account KYC data | Global payment infrastructure | Stripe DPA and applicable transfer mechanisms | 2025-01-01 | Active |
| Vercel | Subprocessor | Build and deploy pipeline (where used) | Hosting and deployment diagnostics only | EU region where configured; global operations possible | Contractual transfer safeguards where required | 2024-06-01 | Active |
| Google Identity (OAuth) | Independent controller | Optional sign-in | Name, email, provider identifiers | Provider global infrastructure | Google terms and transfer mechanisms | 2024-06-01 | Active |
| Microsoft Entra ID (OAuth) | Independent controller | Optional sign-in | Name, email, provider identifiers | Provider global infrastructure | Microsoft terms and transfer mechanisms | 2024-06-01 | Active |
| Apple (Sign in + Wallet) | Independent controller | Sign in with Apple; Apple Wallet passes when enabled for tickets | Name, email (if shared), provider identifiers; pass metadata when Wallet is used | Provider global infrastructure | Apple terms and transfer mechanisms | 2024-11-01 | Active (Wallet when feature enabled) |
| SendGrid | Subprocessor (fallback only) | Alternate email provider in codebase; not primary production path | Same categories as email delivery if activated | Provider-dependent | Contractual safeguards if activated | 2024-06-01 | Inactive (Resend is primary) |
| GitLab CI/CD | Not a production subprocessor | Deployment automation only | No routine production end-user personal data processing | N/A | N/A | 2024-06-01 | Not applicable to live service data |
Apple Wallet pass generation, when enabled, uses certificates configured by CheckInOS; pass delivery may involve Apple systems under Apple's terms.
For questions or subprocessor objections, contact events@checkinos.com.