Legal
Subprocessors
We publish every vendor that processes data on our behalf. Customers of Safe Trip for Teams will receive 30 days’ advance notice (60 for Enterprise) before any new sub-processor is engaged with access to Customer data.
Active subprocessors
| Vendor | Purpose | Location | Data |
|---|---|---|---|
| Railway | Web hosting (Next.js application server) | EU · europe-west4 (Netherlands) | Application traffic, server logs (7 day retention) |
| Cloudflare | DNS, edge caching, DDoS / WAF protection | Global edge; primary contracting entity in Ireland (EU) | Request metadata (IP, user-agent, URL) for security and routing |
| GitHub | Source-code repository (no visitor data is stored here) | United States; SCCs in place for any EU data | Source code only; no visitor or customer data |
| Plausible Analytics | Cookieless aggregate web analytics | EU · Germany | Aggregate page views, anonymous referrer / device class. No cookies, no personal identifiers stored. |
Planned subprocessors
These are vendors named in the Safe Trip blueprint but not yet engaged. They will appear in the active table above (with a notice on the changelog) once integrated.
- Resend, transactional email (when account signup launches)
- Stripe, payments (when Pro / Teams launch)
- PostHog Cloud, product analytics for B2B funnels (with consent flow)
- Sentry, error tracking
- Inngest, scheduled data-ingestion jobs
- Cloudflare R2, object storage for OG images and country flags
Reporting changes
Notifications of new sub-processors are published on the changelog. Teams customers will additionally receive email notice. Object on reasonable grounds within 30 days; if we cannot accommodate the objection, you may terminate the affected portion of the Service.
Contact
Data-protection enquiries: [email protected].