Sub-processors

Who handles your data — and why.

Last updated: May 2026

GDPR Article 28 requires us to list every sub-processor that handles personal data on Thea Klara's behalf. This page is the full list, with the role of each provider, what data they receive, and the region in which the processing takes place.

Six sub-processors are part of the service. Only two — Supabase and Vercel — handle health data (GDPR Article 9). The others see only IP addresses, or handle payments and email without symptom content.

Supabase, Inc.

Role

Database, authentication, and row-level security (RLS)

Region

EU — Frankfurt

What they receive

Email, password hash, user ID, symptom responses (health data), session tokens, doctor directory entries

Health data (Article 9)

Yes

Data Processing Agreement

View the DPA →

Vercel Inc.

Role

Hosting the Next.js app, serverless functions (including PDF generation), scheduled deletion jobs

Region

EU-region

What they receive

All request and response traffic. PDFs are streamed in memory and are never written to disk.

Health data (Article 9)

Yes

Data Processing Agreement

View the DPA →

Stripe Payments Europe, Limited

Role

Card and Swish payment processing, webhook delivery, subscription billing for membership

Region

EU — Ireland

What they receive

Card details (Stripe handles the card — we never see it), email, billing address, transaction records

Health data (Article 9)

No

Data Processing Agreement

View the DPA →

Resend, Inc.

Role

Transactional email — PDF download links, account emails, payment confirmations

Region

EU

What they receive

Email address, subject line, email body. No symptom data or health information is ever included in the email itself.

Health data (Article 9)

Conditional — see note

Data Processing Agreement

View the DPA →

Cloudflare, Inc.

Role

Bot mitigation (Turnstile) on the PDF endpoint. Verifies that requests come from human users.

Region

EU edge

What they receive

IP address, user-agent, browser signals collected by Turnstile. Cloudflare never sees survey content.

Health data (Article 9)

No

Data Processing Agreement

View the DPA →

Upstash, Inc.

Role

Serverless Redis used as the rate-limit store for the PDF endpoint

Region

EU

What they receive

IP address only (rate-limit key + counter + TTL). Upstash never sees survey content.

Health data (Article 9)

No

Data Processing Agreement

View the DPA →

Related

For details on how your rights, retention, and consent work, see our privacy policy.

Privacy policy →

This page is updated whenever we add, change, or remove a sub-processor. We notify registered users by email at least 14 days before a new sub-processor begins processing data.