Sub-processors
Service providers used to operate VariationDesk.
VariationDesk uses trusted providers to host the service, protect accounts, store evidence, send operational messages, process billing and connect to customer-selected accounting platforms. Providers only process personal data where needed to deliver the relevant service.
Accounting and SMS providers are not used for every customer. They apply only when the relevant feature is enabled or a workspace owner connects that integration.
Core platform providers
These providers help deliver the main VariationDesk web, mobile and workspace service.
Supabase
- Purpose
- Authentication, database, tenant isolation and private evidence-file storage.
- Personal data involved
- Account, organisation, project, variation, evidence, support, billing metadata and audit records.
- When this applies
- Used for VariationDesk workspaces.
Vercel
- Purpose
- Application hosting, server-side web routes and deployment infrastructure.
- Personal data involved
- Application request metadata, operational logs and data processed through VariationDesk application routes.
- When this applies
- Used to deliver the web application and public website.
Expo, Apple and Google mobile services
- Purpose
- Mobile app builds, app distribution, updates and push notification routing where enabled.
- Personal data involved
- App/device delivery metadata, mobile push tokens and app-store privacy or data-safety information.
- When this applies
- Used for the mobile app and notifications. Notification payloads should not contain sensitive project details.
Billing and communications providers
These providers are used for customer billing and operational service messages.
Stripe
- Purpose
- Subscriptions, checkout, customer billing portal, invoices and payment webhooks.
- Personal data involved
- Billing contacts, subscription identifiers, invoice metadata, payment status and tax/VAT billing records.
- When this applies
- Used where a workspace starts a trial, subscription, checkout or paid billing workflow.
Resend
- Purpose
- Transactional email delivery for account, invite, sign-off, support and billing messages.
- Personal data involved
- Recipient email addresses, service-message content, delivery metadata and template references.
- When this applies
- Used for operational VariationDesk email messages.
Twilio
- Purpose
- SMS verification, two-step verification and remote sign-off verification where phone/SMS features are enabled.
- Personal data involved
- Phone numbers, verification metadata, masked destinations and delivery status.
- When this applies
- Used only where SMS or phone-verification features are enabled for a workspace or user action.
Customer-enabled accounting integrations
Accounting integrations only apply when a workspace owner connects that provider. VariationDesk does not send every workspace's data to every accounting platform.
Xero
- Purpose
- Accounting connection for draft-invoice export and evidence handoff.
- Personal data involved
- Accounting tenant identifiers, contact/invoice metadata, export references and evidence attachment metadata where supported.
- When this applies
- Only used for workspaces that connect Xero.
QuickBooks Online
- Purpose
- Accounting connection for draft-invoice export and, where supported, evidence attachment upload.
- Personal data involved
- Company/account identifiers, contact/invoice metadata, export references and evidence PDF attachment metadata where supported.
- When this applies
- Only used for workspaces that connect QuickBooks Online.
Sage Accounting
- Purpose
- Accounting connection for contact and draft sales-invoice export.
- Personal data involved
- Business/account identifiers, contact/invoice metadata and export references.
- When this applies
- Only used for workspaces that connect Sage Accounting.
FreeAgent
- Purpose
- Accounting connection for contact and draft-invoice export.
- Personal data involved
- Account identifiers, contact/invoice metadata and export references.
- When this applies
- Only used for workspaces that connect FreeAgent.
Changes to this list
We may update this list as the service develops or as customers enable new integrations. Where a change materially affects customer workspace data, VariationDesk will provide notice through the service or customer support channels where appropriate.