Subprocessor Inventory
MeshBoard Subprocessor Baseline
This inventory lists the service providers used to run, secure, observe, and support the app. Region details are deployment-specific and should match the hosting record for the production environment.
| Provider | Service Type | Data Categories | Purpose | Status |
|---|---|---|---|---|
| Hetzner | Infrastructure hosting | App runtime, API, worker, database, proxy | Host the production service | Active |
| Cloudflare | DNS / tunnel / edge delivery | Request metadata, domain routing | Provide public reachability and TLS routing | Active |
| GlitchTip | Observability / error tracking | Sanitized exceptions, tags, job IDs | Capture error and operational telemetry | Active |
| PostgreSQL | Primary database | Account state, tokens, pivots, schedules, logs | Persist app state and operational records | Active |
| Redis | Cache / lock store | Prefetch payloads, job status, locks | Support transient workflow state and concurrency control | Active |
| Bitwarden Secrets Manager | Secret delivery | Runtime secrets used to boot the stack | Inject secrets without committing them to git | Active |
| monday.com API | Upstream platform API | Board metadata, lifecycle payloads, user context | Read and write monday data under user authorization | Active |
Notes
- Hosting region should match the deployed production environment and the operator's hosting records.
- Sanitized observability data should not include raw board row payloads or secrets.
- See the privacy policy and DPA baseline for transfer and rights language.