Subprocessors
Last updated: 2026-05-23
The following third parties process Personal Data on Heldly's behalf (or, where noted, alongside Heldly) in order to deliver the Service. Per our DPA, we will provide at least 30 days' notice before adding or replacing a subprocessor by updating this page.
To receive change notifications by email, write to security@heldly.io.
| Subprocessor | Purpose | Data processed | Region & transfer mechanism |
|---|---|---|---|
| Supabase (EU-West) | Primary database, file storage, auth backing. | All Customer Personal Data — accounts, workspaces, meetings, audit log, Google Calendar OAuth tokens, MCP OAuth tokens. | EU (eu-west-1, Dublin, Ireland). EU only |
| Vercel (EU) | Application hosting and serverless compute. | Application logs (no Personal Data persisted). | EU (arn1, Stockholm, Sweden) — application servers EU only at rest; global edge access for static assets |
| Resend | Transactional email delivery (picker invites, confirmations, host notifications). | Recipient email addresses, sender email address, message content (which contains the meeting topic and proposed times), open/click events. | United States. EU SCCs + recipient certified under EU-US DPF |
| Stripe Payments Europe Ltd. | Subscription billing and customer portal. | Workspace billing email, payment method (card vaulted by Stripe — Heldly never sees card numbers), invoices. | Ireland (primary) with US affiliates. EU SCCs + recipient certified under EU-US DPF |
| Google (sign-in + Google Calendar API) | Authentication for hosts using Google sign-in, plus the Google Calendar API that Heldly uses on the host's behalf to read availability, place tentative holds, confirm chosen slots, and delete unpicked siblings. | Email address, name, Google subject id (sign-in). Free/busy intervals within the host's specified booking window; tentative and confirmed calendar events Heldly creates on the host's primary calendar (Google Calendar API). Scopes: openid, email, profile, calendar.events, calendar.readonly. | Global. EU SCCs + recipient certified under EU-US DPF |
| Sentry (Functional Software, Inc.) — EU region | Application error tracking and observability. Captures stack traces, route paths, and request metadata when Heldly's server or client code throws an exception. | Stack traces, error messages, route paths, anonymous user identifier (uuid), environment tag. Email addresses, meeting topics, meeting agendas, and the booking-route POST body are stripped via a before-send redaction hook before events leave Heldly's runtime — Sentry never sees invitee email, host email, or meeting content. | EU (Frankfurt / Berlin — *.ingest.de.sentry.io). EU only |
| PostHog (EU) | Product analytics. Funnel tracking (signin → first booking), page-view counts, anonymous event counters. Cookieless — distinct id stored in browser memory only, cleared on tab close. | Anonymous distinct id per session, page paths, event names and a small set of properties (e.g. meeting duration, co-host count) — never invitee email, never meeting topic, never agenda text. | EU (Frankfurt, Germany — eu.i.posthog.com). EU only |
| WorkOS (Business SSO) | SAML/OIDC SSO and SCIM provisioning for Business workspaces. Activated only when a Business workspace enables SSO via the Admin Portal. | Email address, name, SSO subject id, group membership. | United States. EU SCCs + recipient certified under EU-US DPF |
| Anthropic (Claude) | End-user's LLM. The host runs Claude themselves; Anthropic is not Heldly's subprocessor in the GDPR sense — Heldly does not send Personal Data to Claude. Listed for transparency because the product is positioned around Claude. | None sent by Heldly. The host's own conversation with Claude may contain meeting context. | United States (the host's own contract with Anthropic governs). Not Heldly's subprocessor |
Heldly is operated by Capable Agents AB, org.nr 559504-0444, Bäckaskiftsvägen 68, 122 42 Enskede, Sweden. For data-protection questions, contact privacy@heldly.io.