Sub-processors
Last updated: 28 June 2026
Provider inventory last reviewed: 18 July 2026
Pre-launch reference: the provider inventory is current, while HollyHR's contracting legal identity and registered-office disclosure are being verified. Approved customer documents are provided before workspace activation.
How HollyHR uses sub-processors
HollyHR uses the providers below to host, secure, support and operate the service. Where the HollyHR service provider acts as a processor for customer employee data, these providers may act as sub-processors. The contracting provider remains responsible to the customer for sub-processor performance under the approved data processing agreement.
We will update this page before adding or replacing a sub-processor that handles customer personal data and will give customers a reasonable opportunity to object where required by the data processing agreement.
Current provider list
| Provider | Purpose | Data categories | Hosting / transfers | Evidence / status |
|---|---|---|---|---|
| Vercel | Application hosting, serverless runtime, deployment, CDN, runtime logs, and cookieless aggregate website analytics (Web Analytics and Speed Insights). | Customer account data, application metadata, request metadata, limited service logs, and aggregate page-view and performance data points that carry no persistent visitor identifier. | EU/USA Provider data processing terms and applicable UK transfer safeguards for non-UK processing. | Current deployment platform in repo deployment/runbook docs. |
| Neon | Managed PostgreSQL database hosting, branching, and point-in-time recovery. | Customer organisation data, employee HR records, authentication/session metadata, and audit data. | EU (AWS eu-central-1) Provider data processing terms; production branch hosted in the intended region. | Current database provider in Drizzle/Neon docs and environment schema. |
| Stripe | Subscription billing, checkout, billing portal, invoices, and payment records. | Customer billing contact, subscription state, invoices, and payment metadata. | EU/USA Provider data processing terms and UK transfer safeguards for payment processing. | Current billing provider in Stripe integration docs and webhook code. |
| Resend | Transactional email delivery for authentication, invitations, service messages, and consent-gated product-update or launch Broadcasts. | Recipient email addresses, opted-in waitlist or customer-admin contact metadata, message metadata, and email body content. | USA Provider data processing terms and UK transfer safeguards. | Current email provider in env schema, email-service code, Resend feedback webhook, and marketing contact sync runbook. |
| Upstash | Redis-backed rate limiting and abuse prevention for authentication and sensitive routes. | Pseudonymous rate-limit keys and request counters. | UK primary region (eu-west-2) Provider data processing terms and region controls where configured. | Live Upstash database readback for hollyhr-ratelimit-production and limiter code. |
| Amazon Web Services (S3) | Private uploaded HR document storage, encrypted Neon database backup storage, and Terraform remote state. | Uploaded employee documents, object metadata, encrypted database backup archives, and infrastructure state metadata. | UK (eu-west-2) AWS data processing terms and configured bucket-region controls. | Document-storage app runtime uses S3; live S3 readback for hollyhr-neon-backups and hollyhr-tfstate is recorded in provider-residency runbook. |
| PostHog | Product analytics for signed-in tenant users, including manual pageview capture and organisation-level usage grouping. | Account identifiers, product usage events, and pageview metadata. | EU (PostHog Cloud EU, AWS eu-central-1) Provider data processing terms; EU project host and IP anonymisation verified by API on 16 June 2026. | Current analytics provider in PostHog provider, API readback, and privacy/cookies runbook. |
| Migadu | Human mailbox hosting for HollyHR team mailboxes. | Mailbox content, sender/recipient metadata, and mailbox account metadata. | EU/Switzerland/other provider locations subject to Migadu terms Provider data processing terms and applicable UK transfer safeguards for non-UK processing. | MX, SPF, DMARC, and DKIM posture documented in mailbox-posture runbook; separate from Resend app mail. |
| Sentry | Error tracking, CSP violation reporting, source maps, and operational alerting. | Sanitised error metadata, stack traces, release/environment metadata, and CSP report metadata. | EU (Sentry Germany region) Provider data processing terms; production DSN is hosted on the provider's EU ingest region. | Current production environment readback and live response security policy both identify the Sentry Germany ingest host; code-level event scrubbing remains active. |
| Freshdesk / Freshworks | Customer support portal and SSO-assisted support access. | Customer contact details, support requests, and support correspondence. | EU/USA Provider data processing terms; support-data handling still requires legal/operator confirmation. | Current support portal link and Freshdesk SSO route in tenant navigation and auth routes. |
Related legal materials
This page is intended to be referenced by HollyHR's data processing agreement and customer legal materials.
Legal entity
The contracting legal name and registered office will appear here after verification and are supplied in the approved customer documents before activation.