bsns.cc
Sub-processors
Last updated May 31, 2026
The third parties below process bsns.cc customer data on our behalf. The list is exhaustive for the default deployment; the “optional integrations” section only applies when a tenant has connected the vendor.
A change to this page is a change to source — pull-request reviewable. We commit to giving 30 days’ notice (via /status and email to tenant admins on file) before a new sub-processor begins processing data.
DPA status legend. Executed: a data-processing addendum has been countersigned for bsns.cc, Inc. specifically. Standard terms: the vendor’s published DPA applies via their standard terms and is binding by acceptance. Review pending: the relationship exists but the DPA hasn’t been reviewed yet. Not applicable: the vendor does not process customer personal data on our behalf.
Core infrastructure
These vendors host the application and persistent data. Outages on either translate directly to bsns.cc downtime.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Vercel | Application hosting and edge delivery for every bsns.cc app and the auth portal. Vercel's published DPA + sub-processor list applies. | United States (us-east-1) | Standard terms |
| Neon | Managed Postgres for the customer-identity (sso) and business-data (cent_app) databases. Three projects: cent-prod, cent-staging, cent-dev. | United States (us-east-1) | Standard terms |
| Vercel Blob | Object storage for signed PDFs, uploaded attachments, exported archives. Covered by Vercel platform DPA. | United States | Standard terms |
Identity, secrets, and credentials
These vendors hold either authentication factors or operational secrets used to access other systems.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| 1Password | Primary operator-secret store: production credentials, encryption keys, third-party API tokens. Does not store customer PII; operator secrets only. | Canada / United States | Standard terms |
| Bitwarden | Encryption-key escrow with fingerprint-guard CI check. Backup of 1Password key material. Does not store customer PII; key escrow only. | United States | Standard terms |
Communications
Email, SMS, and voice providers. Customer message metadata and content transit through these vendors.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Resend | Transactional email delivery (invites, password reset, signing notifications, customer-facing receipts). | United States | Standard terms |
| Twilio | SMS, voice, and call-recording for the loop app. Tenant-configurable; not every tenant uses Twilio. Per-tenant credentials — each customer's traffic rides their own Twilio account when configured. | United States / Global | Standard terms |
| Telnyx | Alternative SMS/voice provider, tenant-configurable; per-tenant selection. | United States / Global | Standard terms |
Payments and financial
Card processing, bank linking, and accounts-receivable rails. Cardholder data does not transit bsns.cc; we hold tokens only.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Stripe | Card and ACH processing for AR invoices in bill and work; subscription billing for the suite itself. PCI scope is minimized by hosted-checkout — full cardholder data never reaches our infrastructure. | United States / Global | Standard terms |
| Plaid | Bank-account linking and balance refresh for the /finance dashboard. Tenant-optional. | United States | Standard terms |
AI and inference
Model providers used by the support agent, workflow copilot, and OCR. Zero-retention configurations preferred where the provider offers them.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Anthropic (Claude API) | Powers the in-app support agent, the workflow copilot, agentic actions behind the AI feature gate, and OCR helpers. Zero-data-retention mode requested where applicable. Tenant opt-in binding; $0 default budget fails closed. | United States | Standard terms |
Operational tooling
Caching, rate-limiting, monitoring, and alerting. These vendors see request metadata and operational telemetry but not stored business records.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Upstash (Redis) | Cross-region rate-limiter state for auth, MFA, password-reset, and invite endpoints. Holds short-TTL counters keyed by IP/email/userId. | United States / Global | Standard terms |
| Better Stack | Uptime monitoring and on-call alerts for public endpoints. Receives URLs and HTTP-status metadata; no payload bodies. | United States / European Union | Standard terms |
| ntfy.sh | Operator-side alert fan-out for cron failures, observability alerts, and incident notifications. Alert payloads are PII-safe by construction (no tenant data, no user identifiers — only the alert type and a request ID). | European Union | Not applicable |
| Healthchecks.io | Independent cron dead-man's switch on a separate provider from Better Stack to avoid single-vendor blind spots. Ping metadata only; no customer data. | United States | Not applicable |
Optional integrations (customer-initiated)
These vendors are involved only when a tenant connects them. A tenant that doesn't use the integration has no data flowing to the vendor.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Google (Calendar, Sign-in) | Two-way calendar sync for the work planner and the rsvp booking flow; optional Sign-in-with-Google for the auth portal. OAuth-based; only tokens are stored, encrypted with PII_ENCRYPTION_KEY. | Global | Standard terms |
| Zoom | Video-conferencing link creation for rsvp bookings when the tenant has connected Zoom. | United States / Global | Standard terms |
| Checkr | Background checks during the crew onboarding flow. Driver / employee PII flows directly to Checkr at the tenant's direction. Per-tenant API keys; each tenant has its own Checkr relationship. | United States | Standard terms |
| Samsara | Telematics ingestion for the ride and auto verticals. Per-tenant API keys. | United States / Global | Standard terms |
What's not here
A handful of vendors touch the company but never see customer data and so don’t belong on this list: GitHub (source control of code, not data), Anthropic Console (operator-side AI tools used by Graham personally, not embedded in product), analytics on the marketing site only (no authenticated session activity), and standard developer tooling (npm, GitHub Actions). If we add a tool that begins to touch customer data, this list gets a new row before the data starts flowing.
Questions
Email security@bsns.cc for clarification on any row, or to request an executed DPA. For privacy-specific questions, email privacy@bsns.cc.