CheckInOS

This page lists third parties involved in delivering CheckInOS services, including subprocessors where applicable, to support transparency about vendor processing roles.

Current Vendor List

Vendor	Role	Service function	Data Categories	Region / Transfer context	Safeguards
Vercel	Subprocessor	Hosting and application delivery (runtime)	Service request/response metadata and operational diagnostics required to host and secure the service	Frankfurt (EU) deployment region; cross-border transfers may still occur depending on provider operations	Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)
Supabase	Subprocessor	Managed PostgreSQL database	Account data, authentication-related records, event and attendance data	EU project region; cross-border transfers may occur in limited support/operations contexts	Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)
Upstash	Subprocessor	Managed Redis for caching and short-lived state	Temporary session/cache values and operational state data	EU region; cross-border transfers may occur depending on provider operations	Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)
Resend	Subprocessor	Transactional email delivery	Email addresses, message content, ticket/OTP/invitation payload data	EU processing configured; cross-border transfers may still occur depending on provider operations	Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)
Google Identity (OAuth)	Independent controller (identity provider)	User authentication provider	Basic profile and identity claims needed for sign-in	Provider-controlled global infrastructure; international transfers may occur	Provider terms and transfer mechanisms, as applicable
Microsoft Entra ID (OAuth)	Independent controller (identity provider)	User authentication provider	Basic profile and identity claims needed for sign-in	Provider-controlled global infrastructure; international transfers may occur	Provider terms and transfer mechanisms, as applicable
Apple Sign in (OAuth)	Independent controller (identity provider)	User authentication provider	Basic profile and identity claims needed for sign-in	Provider-controlled global infrastructure; international transfers may occur	Provider terms and transfer mechanisms, as applicable

Vendor

Role

Service function

Data Categories

Region / Transfer context

Safeguards

Vercel

Subprocessor

Hosting and application delivery (runtime)

Service request/response metadata and operational diagnostics required to host and secure the service

Frankfurt (EU) deployment region; cross-border transfers may still occur depending on provider operations

Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)

Supabase

Subprocessor

Managed PostgreSQL database

Account data, authentication-related records, event and attendance data

EU project region; cross-border transfers may occur in limited support/operations contexts

Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)

Upstash

Subprocessor

Managed Redis for caching and short-lived state

Temporary session/cache values and operational state data

EU region; cross-border transfers may occur depending on provider operations

Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)

Resend

Subprocessor

Transactional email delivery

Email addresses, message content, ticket/OTP/invitation payload data

EU processing configured; cross-border transfers may still occur depending on provider operations

Contractual safeguards are applied where required under applicable law (including transfer safeguards where applicable)

Google Identity (OAuth)

Independent controller (identity provider)

User authentication provider

Basic profile and identity claims needed for sign-in

Provider-controlled global infrastructure; international transfers may occur

Provider terms and transfer mechanisms, as applicable

Microsoft Entra ID (OAuth)

Independent controller (identity provider)

User authentication provider

Basic profile and identity claims needed for sign-in

Provider-controlled global infrastructure; international transfers may occur

Provider terms and transfer mechanisms, as applicable

Apple Sign in (OAuth)

Independent controller (identity provider)

User authentication provider

Basic profile and identity claims needed for sign-in

Provider-controlled global infrastructure; international transfers may occur

Provider terms and transfer mechanisms, as applicable

Notes

GitLab CI/CD is used for deployment automation only. Based on our current architecture, GitLab is not a subprocessor for production end-user service data.

We may update this list when vendors, processing roles, or transfer arrangements change. The date at the top of this page reflects the latest revision.

For subprocessor questions or data protection requests, contact events@checkinos.com.

SUBPROCESSOR LIST

Current Vendor List

Notes