Subprocessors

Effective date: 23 April 2026

Ripazo is operated by LexMulier (sole trader), KvK 92535755, Zeist, Netherlands. Under GDPR terminology we are the data controller for all personal data processed through Ripazo. The companies on this page are our subprocessors — third parties we rely on to actually run the service.

We keep this list short on purpose. Every subprocessor we add increases the surface area of your data, so we only add one when the alternative is building significant infrastructure ourselves.

How we choose subprocessors

Before we add a subprocessor we check four things:

  1. Data location. We strongly prefer EU-hosted providers. For US-based providers we require an adequacy decision (EU-US Data Privacy Framework) or Standard Contractual Clauses.
  2. Data minimisation. The subprocessor only sees the data categories it needs to do its job.
  3. Security posture. Current SOC 2 Type II or equivalent certification.
  4. DPA terms. A signed Data Processing Agreement with reasonable sub-processing, breach-notification, and deletion terms.

Change process

We update this page before a subprocessor change takes effect. Once you have an account we also notify you by email at least 30 days before a material change so you can object. If you object, your options are: use the service without the new subprocessor (if technically feasible), or close your account with a pro-rata refund of any unused subscription period.

Current subprocessors

Processor | Purpose | Data categories | Location | Legal safeguard
Supabase | Database, authentication, file storage | All account + content data: email, name, hashed password, bookings, photos, documents | EU (Frankfurt, Germany) | GDPR-compliant by default; EU-only project; signed DPA
Vercel | Website hosting + CDN | IP address, request logs (retained ~24 hours for abuse monitoring) | EU edge + US fallback | Standard Contractual Clauses + EU-US Data Privacy Framework
Stripe | Subscription billing | Billing address, card last-4, invoice history, tax identifiers | EU + US | Standard Contractual Clauses + EU-US Data Privacy Framework; PCI-DSS Level 1
Resend | Transactional email | Email address + message content (invites, password resets, account deletion confirmation) | EU | EU-only sending infrastructure; signed DPA
PostHog | Product analytics — only if you consent | Anonymous session + page-view events, browser, country (geo-IP resolved server-side) | EU (eu.i.posthog.com) | Consent-gated; no analytics fires without your opt-in
Sentry | Error tracking — only if you consent | Stack trace, URL, browser, error message | EU | Consent-gated; IP and email scrubbed before send

How we protect data in transit

All subprocessor traffic travels over TLS 1.2 or higher. Credentials are never passed in URLs or logs. Server-to-server traffic between Supabase, Vercel, and our own functions uses short-lived service-role tokens rotated every 24 hours.

What we do not do

  • We do not use advertising networks.
  • We do not share customer data with data brokers.
  • We do not train AI models on your content.
  • We do not sell data.

Questions or objections

info@ripazo.com — we respond within 30 days.

You can also file a complaint with the Dutch supervisory authority:

Autoriteit Persoonsgegevens
Hoge Nieuwstraat 8, 2514 EL Den Haag
autoriteitpersoonsgegevens.nl