Sub-processors

These are the third-party services Vision uses to deliver the product. Each row names what data the sub-processor sees, the region the data is processed in, and a link to that vendor's data-processing agreement. We are explicit about the full list because procurement officers always ask — and we'd rather publish it than email it on demand.

Stripe Payments Europe Ltd.

Service: Subscription billing, payment-method storage, customer portal
Data accessed: Owner email, organisation name, subscription state, last-4 of card (never the PAN)
Region: EU + tenant's country (Stripe routes per shopper)
DPA / agreement: stripe.com/legal/dpa

Resend Inc.

Service: Transactional email (verification, password reset, booking notifications, lab-order updates)
Data accessed: Recipient email + the rendered email body (which includes shop name + customer name on lab-order / booking notifications only)
Region: United States
DPA / agreement: resend.com/legal/dpa

PostHog Inc.

Service: Product analytics (page-views, signup-funnel events). No-op when NEXT_PUBLIC_POSTHOG_KEY is unset; opt-in via cookie consent.
Data accessed: Anonymous distinct_id pre-signup; user.id + organization_id + email post-signup. No customer / visit / line-item data.
Region: EU (eu.i.posthog.com)
DPA / agreement: posthog.com/dpa

HubSpot Inc.

Service: Marketing-form submissions on /contact. Optional; only fires when HUBSPOT_PORTAL_ID + HUBSPOT_CONTACT_FORM_GUID are set.
Data accessed: Submitted name + email + mobile + message text
Region: United States / EU (operator selects on tenant onboarding)
DPA / agreement: legal.hubspot.com/dpa

Vercel Inc.

Service: Application hosting + edge runtime + access logs
Data accessed: Request paths, IP addresses, user-agent strings; encrypted-in-transit body of every request
Region: Operator selects per deployment; reference deployment uses iad1 (us-east-1)
DPA / agreement: vercel.com/legal/dpa

Neon Inc. (managed Postgres)

Service: Database hosting (the entire tenant data store)
Data accessed: All tenant data (encrypted at rest at the storage layer; access via SSL-required connections only)
Region: Operator selects (eu-central-1 / us-east-2 / ap-southeast-1); reference deployment uses ap-southeast-1 (Singapore) until UAE region is GA
DPA / agreement: neon.tech/dpa

Vendor	Service	Data accessed	Region	DPA / agreement
Stripe Payments Europe Ltd.	Subscription billing, payment-method storage, customer portal	Owner email, organisation name, subscription state, last-4 of card (never the PAN)	EU + tenant's country (Stripe routes per shopper)	stripe.com/legal/dpa
Resend Inc.	Transactional email (verification, password reset, booking notifications, lab-order updates)	Recipient email + the rendered email body (which includes shop name + customer name on lab-order / booking notifications only)	United States	resend.com/legal/dpa
PostHog Inc.	Product analytics (page-views, signup-funnel events). No-op when NEXT_PUBLIC_POSTHOG_KEY is unset; opt-in via cookie consent.	Anonymous distinct_id pre-signup; user.id + organization_id + email post-signup. No customer / visit / line-item data.	EU (eu.i.posthog.com)	posthog.com/dpa
HubSpot Inc.	Marketing-form submissions on /contact. Optional; only fires when HUBSPOT_PORTAL_ID + HUBSPOT_CONTACT_FORM_GUID are set.	Submitted name + email + mobile + message text	United States / EU (operator selects on tenant onboarding)	legal.hubspot.com/dpa
Vercel Inc.	Application hosting + edge runtime + access logs	Request paths, IP addresses, user-agent strings; encrypted-in-transit body of every request	Operator selects per deployment; reference deployment uses iad1 (us-east-1)	vercel.com/legal/dpa
Neon Inc. (managed Postgres)	Database hosting (the entire tenant data store)	All tenant data (encrypted at rest at the storage layer; access via SSL-required connections only)	Operator selects (eu-central-1 / us-east-2 / ap-southeast-1); reference deployment uses ap-southeast-1 (Singapore) until UAE region is GA	neon.tech/dpa

Every Vision deployment is independent — when you self-deploy, you can swap any of these sub-processors for an equivalent (e.g., self-hosted Postgres + your own SMTP). The list above describes the reference deployment; your contract is with the operator who runs your tenant.

Changes to this list

Material changes (new sub-processor, change of data-processing region for an existing one) are notified 30 days in advance to the OWNER email on every affected tenant. Subscribe to the change notification list at the address below.

privacy@visionsaas.example