We choose providers with reasonable security practices. Data may be transferred outside the European Economic Area. Contractual safeguards (e.g. Standard Contractual Clauses) apply where required. Contact us to request a Data Processing Agreement summary for your organization.
| Provider | Role | Location | Privacy |
|---|---|---|---|
| Vercel Inc. | Hosting, CDN, and serverless execution for the web application | United States (global edge network) | Policy |
| Supabase Inc. Configure EU region in Supabase project settings when available for your plan. | Authentication, database, and file storage for accounts and saved rides | United States (region configurable; EU hosting available on paid plans) | Policy |
| Mapbox Inc. | Map tiles, geocoding, and map rendering APIs | United States | Policy |
| Stripe Inc. We do not store full card numbers; Stripe handles payment credentials. | Payment processing for Plus / Creator subscriptions (when checkout is enabled) | United States / Ireland (Stripe Payments Europe for EU cards where applicable) | Policy |
| Resend Inc. Human contact mail uses Zoho on ride2map.app; automated sends use Resend. | Transactional email delivery (e.g. Plus welcome) from send.ride2map.app | United States (us-east-1) | Policy |
| Google LLC Only when you choose “Continue with Google”. | Optional Google OAuth sign-in and Google Fonts delivery | United States | Policy |
| Strava Inc. Data is fetched only after you authorize the connection; subject to Strava API terms. | Optional OAuth and activity API when you connect Strava | United States | Policy |
Connected apps (user-initiated)
When you connect Strava, Floaty, or import from Ride Hermes, those services process data under their own policies. We only call them after you authorize or paste a public URL.