The vendors we actually use.

Legal entity: Vercel Inc. · Region: United States

Purpose

Application hosting, edge delivery, blob storage for uploaded images, automated rate limiting.

What they can access

All data sent to or returned by the platform passes through Vercel's edge. Uploaded image files stored in Vercel Blob.

Legal entity: Neon, Inc. · Region: United States

Purpose

Managed PostgreSQL database hosting.

What they can access

All platform data: profiles, events, check-ins, ledger entries, legal acceptances, dispute records.

Legal entity: Google LLC · Region: United States

Purpose

User authentication and sign-in only. Not used for application data storage.

What they can access

Email address, password hash, sign-in method (email/password or Google OAuth), session tokens.

Legal entity: Resend, Inc. · Region: United States

Purpose

Transactional email delivery (verification, receipts, reminders).

What they can access

Recipient email address, email subject and body content, delivery status events.

Legal entity: Stripe, Inc. · Region: United States

Purpose

Subscription billing and payment processing for paid organization tiers.

What they can access

Organization billing contact, billing address, payment method (handled directly by Stripe; card data never touches our servers). Stripe never receives volunteer personal information.

Legal entity: Checkr, Inc. · Region: United States

Purpose

Consumer reporting agency for background checks on volunteer roles that require them.

What they can access

Information needed to run a background check (name, date of birth, last four digits of SSN, address history). Transmitted only when a host organization requires a background check for a specific role and the volunteer separately authorizes the check.