| Proton Mail (Proton AG) | Primary business email — security@obsidianridge.io, briefing inbox | Inbound and outbound email content, including briefing follow-ups and client correspondence | Switzerland (EU-adequacy jurisdiction) | Active |
|---|
| Cloudflare, Inc. | DNS, CDN, WAF, Turnstile bot-protection on forms | Visitor IP at edge, Turnstile challenge metadata; no form-field content stored at Cloudflare | Global edge; US-headquartered | Active |
|---|
| Vercel, Inc. | Site hosting and serverless function execution | Request logs, deployment artifacts, Vercel Analytics page-view + custom event data (cookieless) | United States | Active |
|---|
| Plausible Analytics | Cookieless site analytics — page views plus the site's product events | Aggregate page-view and event counts, referrer, country and device class. No cookies, no cross-site identifiers, no personal data. | European Union (GDPR jurisdiction) | Active |
|---|
| Supabase, Inc. | Database of record for briefing requests, assessment responses, newsletter subscribers | Form-submitted name / email / phone / company / message; assessment answers and scores | United States (Supabase US East) | Active |
|---|
| Resend (Resend, Inc.) | Transactional email — briefing confirmations, newsletter delivery, assessment PDFs | Recipient email address, message content, delivery / open / click events | United States | Active |
|---|
| Upstash, Inc. (Redis) | Form rate-limiting (sliding-window counters keyed on visitor IP) | Hashed IP + endpoint + timestamp counter; expires within 1 hour | United States | Active |
|---|
| Huntress Labs, Inc. | Managed EDR, Managed ITDR, Managed SAT, Managed SIEM (delivered to clients; dogfooded on operator endpoint) | Endpoint telemetry, identity activity, security alert metadata; client data per the Huntress DPA | United States | Active |
|---|
| Hetzner Online GmbH | Self-hosted Tactical RMM + MeshCentral VPS (per PLAN.md Section 1) | RMM agent telemetry from client endpoints, MeshCentral remote-session metadata | Germany (EU) | Planned — deployment in progress |
|---|
| Tactical RMM (self-hosted) | Remote monitoring and management — agent inventory, patch policy, script execution | Endpoint inventory, agent health, patch state, scheduled task output. No external sub-processor — runs on the Hetzner VPS we operate. | Germany (EU) — same host as MeshCentral | Planned — deployment in progress |
|---|
| MeshCentral (self-hosted) | Remote desktop / terminal sessions to managed endpoints | Session metadata, recorded session video (where enabled). No external sub-processor — runs on the same Hetzner VPS. | Germany (EU) | Planned — deployment in progress |
|---|
| Stripe, Inc. | Payment processing for paid engagements (post-LLC only) | Payment method, billing address, transaction record. Stripe holds card data; we never see PAN. | United States | Gated — activates day-of-LLC formation |
|---|
| HubSpot, Inc. | CRM for prospect and client lifecycle tracking | Prospect / client contact records, deal stage, sequence engagement (when wired) | United States | Planned — Phase 1 Week 2 |
|---|