Sub-processors
Last updated: 22 April 2026
The third-party providers we engage to deliver WashFlow. Each is bound by a written Data Processing Agreement.
Current list
The table below is the canonical list of sub-processors we use as of the date above. Changes are announced by email to tenant admins at least 30 days before they take effect.
| Provider | Role | Data categories | Region | DPA |
|---|---|---|---|---|
| Neon, Inc. | Managed PostgreSQL hosting (primary database, backups) | All Customer Data (encrypted at rest). Includes tenant records, users, bookings, invoices, audit logs. | EU (Frankfurt) | Link |
| Clerk, Inc. | Authentication & identity provider | User emails, names, phone numbers, session tokens, MFA configuration, IP addresses. | US (DPF-certified) | Link |
| Resend, Inc. | Transactional email delivery | Recipient email, subject, rendered body of booking confirmations, reminders, invoices. | US (SCCs in place) | Link |
| Cloudflare, Inc. | CDN, Turnstile bot-challenge, R2 object storage (invoice PDFs) | Request metadata, IP addresses; invoice PDFs (contain names, addresses, VAT numbers). | EU-available (R2 bucket located in EU) | Link |
| Stripe, Inc. | Payment processing and subscription billing | Billing contact, payment method tokens (Stripe retains card data, we never see PAN), transaction amounts. | US (DPF-certified) | Link |
| Fortnox AB | Accounting / bookkeeping integration (optional, tenant-enabled) | Customer company names, organization numbers, invoice line items. | Sweden | Link |
| Sentry (Functional Software, Inc.) | Error monitoring | Stack traces, request metadata, user IDs (pseudonymized). No form input is sent. | US (SCCs in place) | Link |
| Upstash, Inc. | Redis-compatible rate-limit store | Hashed rate-limit keys (IPs, user IDs). No request bodies. | EU (Frankfurt) | Link |
| Vercel, Inc. | Application hosting (Next.js), cron scheduling, edge network | Request logs, IP addresses, all in-flight data while the app is serving a request. | US (DPF-certified) with EU edge regions | Link |
How to object to a new sub-processor
If we propose to add or replace a sub-processor, you will receive an email notification at your admin address 30 days before the change. If you have a reasonable data-protection objection, reply to that email within the 30-day window. We'll work in good faith to find an alternative; if none exists you may terminate the affected Service component without early-termination fees.