subprocessorsregisterchange notice

Subprocessors / vendor register

This is the canonical public list for subprocessors handling personal data on behalf of ProSafetyMatch. It aligns with the DPA, privacy statement and the current product configuration.

Go to DPA Go to Trust Pack Version overview

Mollie is not listed here as a subprocessor: we use Mollie for our own billing, not for customer platform data.

Application hosting

Vercel Inc. (EU-regio)

Web app, API, cron and static asset delivery

Serverless runtime is EU-oriented; build/CDN artefacts may differ per environment.

Database & authentication

Supabase (EU-regio of gekozen omgeving)

Storage, login and session management

In line with the selected project and customer-configured region.

Transactional email

Resend of andere geconfigureerde e-mailprovider

Invites, confirmations and system messages

Monitoring and logging

Sentry of andere geconfigureerde monitoringprovider

Error reporting and performance monitoring

Only when a DSN or comparable configuration is active.

Bot protection

Cloudflare Turnstile

Protection of forms and login flows

Push ecosystem

FCM / Web Push of vergelijkbare technische provider

Delivery of push notifications

Only when web or native push is technically configured.

Operational notifications

Slack of vergelijkbaar ops-kanaal

Technical warnings and ops alerts

Limited to aggregated or pseudonymous notifications where possible.

Customer-configured webhooks

HTTPS-eindpunten van de Klant

Event flow into customer systems

Not a standard PSM subprocessor in the strict sense; processing then falls under the customer's configuration.

File and object storage

Supabase Storage of andere gekozen backend

Uploads, evidence and attachments

In line with `FILE_STORAGE_BACKEND` and the selected bucket settings.

What a buyer gets from this

One source register for DPA and privacy.
Clear environment dependency per vendor.
Changes can be communicated through the DPA notice and version flow.