Trust
Every third party that touches OneBookPlus data, what they do, what they see, and where they store it. Real list — every row maps to a real production dependency, not a marketing template.
For the security architecture sitting underneath this list — encryption, MFA tiers, RLS, incident response — see /security.
The vendors holding the production database, files, and frontend. Your business data lives here. Hosting region is AWS Sydney (ap-southeast-2) — Australia, not the United States.
| Subprocessor | Purpose | Data accessed | Location |
|---|---|---|---|
Amazon Web Services (Sydney) Supabase production project region | Underlying cloud infrastructure for the production database and storage via Supabase. | All application data at rest — customer records, invoices, bookings, files, audit log. | Australia · AWS ap-southeast-2 (Sydney) |
Supabase @supabase/ssr, @supabase/supabase-js | Managed Postgres, Auth (incl. MFA / TOTP), Storage, and Realtime. | All application data, hashed passwords, MFA factors, session tokens, uploaded files. | Australia · AWS ap-southeast-2 (Sydney) |
Vercel next ^15, deployment target | Frontend hosting, edge caching, and serverless function execution for the Next.js app. | Request metadata (IP, headers, paths), short-lived request/response bodies in serverless function memory. Application data is not persisted on Vercel. | Global edge network with Sydney point of presence; functions run in nearest region |
Vendors that process specific slices of data on our behalf — payments, transactional email, SMS, calendar sync, and ATO lodgement. Some are international; where they are matters less than what they see, which is enumerated below.
| Subprocessor | Purpose | Data accessed | Location |
|---|---|---|---|
Stripe stripe ^20 | Payment processing for OneBookPlus subscriptions and for customer-facing invoicing via Stripe Connect. | Card data (handled by Stripe directly — never touches our servers), payer name and email, billing address, payout bank details for connected accounts. | United States and EU (Stripe-managed regions); AU presence for AUD acquiring |
Resend resend ^6 | Transactional email delivery (invoices, reminders, confirmations, system notifications). | Recipient email address, sender address, message subject and body, delivery status. | United States (AWS-hosted, Resend-managed) |
Twilio src/app/stay/[slug]/actions.ts, src/app/book/[slug]/actions.ts | SMS delivery for booking confirmations, reminders, and notifications where SMS is enabled. | Recipient phone number, message body, delivery status. | United States (Twilio-managed regions); AU sender IDs |
Google APIs (Calendar) googleapis ^171, src/lib/google-calendar.ts | Two-way calendar sync for tenants that connect a Google account — bookings written to / read from the connected calendar. | Booking subject, start / end time, attendee email — only for the calendar the tenant explicitly connects. | Google-managed regions (global) |
Australian Taxation Office (ATO) @onebookplus/sbr-client | Direct lodgement of STP pay events, BAS, and tax returns via SBR for tenants that activate ATO Tax Lodgement. | Lodgement payloads (employee earnings, BAS figures, tax return data) and ATO ABN / TFN identifiers. | Australia (Commonwealth Government infrastructure) |
Vendors that help us keep the platform up and debug it when it is not. They see operational metadata — stack traces, IPs, performance metrics — not business records.
| Subprocessor | Purpose | Data accessed | Location |
|---|---|---|---|
Sentry @sentry/nextjs ^10, sentry.server.config.ts, sentry.edge.config.ts | Error and exception reporting from the web app for triage and debugging. | Stack traces, route paths, request metadata, and user IDs where attached. PII in payloads is scrubbed by Sentry's data filters. | United States (Sentry-managed) |
Upstash (Redis) @upstash/ratelimit, @upstash/redis, src/lib/rate-limit.ts | Rate-limiting for public endpoints and authentication routes. | IP addresses and route identifiers used as rate-limit keys. No business data. | Upstash-managed regions (selectable; defaults to nearest provider region) |
Vercel Analytics & Speed Insights @vercel/analytics, @vercel/speed-insights | Aggregate page-view and Core Web Vitals telemetry for performance monitoring. | Anonymous, aggregated visitor metrics. No personal identifiers. | Vercel-managed |
Anthropic (Claude) @anthropic-ai/sdk ^0.95.1; src/lib/ai-companion/engine.ts (paid app); src/lib/claude-chat.ts (public chat widget) | Powers the AI Companion app ($25/mo App Marketplace add-on) and the marketing-site chat widget. AI Companion drafts message content (payment chase, no-show follow-up, EOD summaries, etc.) using Claude Haiku 4.5. The chat widget answers product questions using Claude Haiku 4.5 against a bundled documentation context. | Only the prompt content explicitly sent for the requested action — message templates, the action target (e.g. a single invoice's customer name + amount), and the public docs context for chat. Never bulk database scrapes; never tenant-wide data. Anthropic does not use API inputs to train models. | United States (Anthropic-managed). Tenant data at rest remains in AWS Sydney. |
Email security@onebookplus.com.au and we will answer with specifics. For data subject access or deletion requests, see the privacy policy.
Last reviewed and updated: by Bishal Shrestha