Sub-Processors
Last updated: March 2026
The following third-party services process personal data on behalf of Riven in accordance with GDPR Article 28. All sub-processors are bound by data processing agreements (DPAs). Where data is transferred outside the UK/EEA, Standard Contractual Clauses (SCCs) or UK adequacy decisions apply.
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase Inc. | Database hosting, authentication, and file storage | Account data, business profiles, bookings, uploaded files | EU (Frankfurt, AWS eu-central-1) |
| Stripe, Inc. | Payment processing, subscription billing, and Connect payouts | Name, email, payment card details (PCI DSS compliant), bank account details | US / EU (data processed within the EEA where possible) |
| Resend, Inc. | Transactional email delivery | Email addresses, names, email content | US |
| Twilio Inc. | SMS notifications (booking confirmations, reminders) | Phone numbers, SMS message content | US |
| Vercel Inc. | Application hosting and CDN | IP addresses, request metadata, server-side rendering | Global edge (primary: US East) |
| HM Revenue & Customs (HMRC) | Making Tax Digital (MTD) income tax submissions | NINO, business income/expense summaries, self-employment data | UK |
| Plausible Analytics | Privacy-friendly website analytics (cookieless) | Page URLs, referrer, browser/OS (no personal identifiers) | EU (Germany) |
| Sentry (Functional Software, Inc.) | Error monitoring and performance tracking | Error stack traces, request metadata, browser info (PII scrubbed) | US |
If you have questions about our sub-processors or data processing practices, please contact us at privacy@riven.page.