Sub-Processors
The third-party service providers Cheerfully uses to deliver the Services, what each one processes on our behalf, and where the processing takes place.
Effective: May 3, 2026
Last Updated: May 3, 2026
1.What this list covers
GDPR Art. 28(2) and CCPA / CPRA require us to disclose every third-party “processor” / “service provider” to whom we send personal information. The list below enumerates each such provider, the operational purpose it serves, the categories of personal data we send it, and the region in which the data is processed. Each provider is contractually bound by a written data-protection agreement that imposes confidentiality, security, sub-processing notification, and breach-notification obligations consistent with GDPR Art. 28.
Notice of changes
2.Current sub-processors
| Provider | Purpose | Data processed | Region | DPA / privacy |
|---|---|---|---|---|
| Vercel Inc. | Application hosting (public site), edge runtime, and Vercel Web Analytics (consent-gated). | IP address, user-agent, derived geographic region, device class, request paths. Analytics is cookieless but is still personal data; it loads only after the visitor grants the “Analytics” consent category. | United States (global edge network). | Reference |
| Google LLC — Google Maps Platform | Maps JavaScript SDK, Static Maps API, Places API, and Geocoding API used to render venue locations and resolve addresses. Functional-consent-gated on the public site. | IP address, user-agent, page URL, map viewport coordinates, search queries entered into Maps-driven inputs. | United States (global service infrastructure). | Reference |
| Google LLC — OAuth | Optional “Sign in with Google” flow on the public app and admin app. | Email address, basic profile (name, profile photo URL) returned by Google after the user authorises sign-in. | United States. | Reference |
| OpenAI, L.L.C. | Large-language-model inference for venue search, party planning agents, and the embedded venue chat widget. Accessed via the OpenAI REST API and via LangChain’s OpenAI adapter. | User-authored prompts and the messages exchanged with the planning agents. We do not send authentication tokens, payment information, or password fields. OpenAI does not train on data sent through the API per OpenAI’s default API data-handling policy (zero-retention training). | United States. | Reference |
| Twilio Inc. — Voice & SMS | One-time-passcode delivery for venue-claim phone verification (voice call + SMS). | Phone number, the OTP code sent to that number, and the call/SMS delivery metadata Twilio retains for audit. | United States (with global delivery infrastructure). | Reference |
| Twilio SendGrid | Transactional email (account verification, RSVP, billing receipts, planner notifications) and operational broadcast emails. | Recipient email address, recipient display name, the rendered email content, and SendGrid’s own delivery / bounce / open metadata. | United States. | Reference |
| Stripe, Inc. | Payment processing for one-off charges (venue search credits, party-planner unlocks) and subscription billing (Pro / Business / Autopilot tiers). Webhook events drive entitlement state. | Billing name, billing email, billing address, last-4 of card / payment-method tokens, charge amounts, subscription state. Cheerfully does not store the primary account number — Stripe tokenises it. | United States. | Reference |
| DigitalOcean, LLC — Spaces (S3-compatible) | Object storage for user-uploaded media (invitation photos, avatars, venue media). | Uploaded image / video files. File-naming uses opaque identifiers — the storage layer itself does not see the user’s name or email. | Per-bucket. The default Cheerfully bucket region is published in the bucket configuration; consult `[cheerfully-core/.env.example](https://github.com/)` `SPACES_REGION` for the live value. | Reference |
| MongoDB, Inc. — Atlas (or self-managed MongoDB) | Primary application database for all user, party, and venue records. | All persisted user data: account information, party plans, invitations, RSVP responses, planning chat history, venue records, billing references, audit logs. Encrypted at rest by the storage provider. | When the workspace runs on MongoDB Atlas the cluster region is the one selected at provisioning time. Self-hosted deployments inherit the region of the underlying compute provider. | Reference |
| Cloudflare, Inc. — Turnstile | Bot-protection challenge on the embeddable venue chat widget. Configured per-venue and only loads on the venue’s own page. | IP address, user-agent, browser fingerprint signals collected by the Turnstile challenge widget. Cheerfully does not receive the raw signals — only Turnstile’s pass / fail token. | Global edge. | Reference |
A.Web Push (browser-routed)
Push notifications are delivered via the W3C Push API. The user’s browser vendor — typically Mozilla AutoPush, Apple Push Notification service, or Google’s Firebase Cloud Messaging — relays the encrypted payload from our backend to the user’s device. Cheerfully signs payloads with a VAPID key and never sends device-identifying data to any single named provider. The browser vendor does, however, see the request metadata. This is intrinsic to the W3C protocol and not unique to Cheerfully.
3.Questions or DPA requests
If you operate as a controller (e.g., a venue) and need a counter-signed Data Processing Addendum referencing the providers above, email dpo@cheerfully.ai. For privacy questions or data-subject rights requests, email privacy@cheerfully.ai or visit /privacy/preferences.