Sub-processors

Service providers used to operate VariationDesk.

VariationDesk uses trusted providers to host the service, protect accounts, store evidence, send operational messages, process billing and connect to customer-selected accounting platforms. Providers only process personal data where needed to deliver the relevant service.

Accounting and SMS providers are not used for every customer. They apply only when the relevant feature is enabled or a workspace owner connects that integration.

Core platform providers

These providers help deliver the main VariationDesk web, mobile and workspace service.

Supabase

Purpose
Authentication, database, tenant isolation and private evidence-file storage.
Personal data involved
Account, organisation, project, variation, evidence, support, billing metadata and audit records.
When this applies
Used for VariationDesk workspaces.

Vercel

Purpose
Application hosting, server-side web routes and deployment infrastructure.
Personal data involved
Application request metadata, operational logs and data processed through VariationDesk application routes.
When this applies
Used to deliver the web application and public website.

Expo, Apple and Google mobile services

Purpose
Mobile app builds, app distribution, updates and push notification routing where enabled.
Personal data involved
App/device delivery metadata, mobile push tokens and app-store privacy or data-safety information.
When this applies
Used for the mobile app and notifications. Notification payloads should not contain sensitive project details.

Billing and communications providers

These providers are used for customer billing and operational service messages.

Stripe

Purpose
Subscriptions, checkout, customer billing portal, invoices and payment webhooks.
Personal data involved
Billing contacts, subscription identifiers, invoice metadata, payment status and tax/VAT billing records.
When this applies
Used where a workspace starts a trial, subscription, checkout or paid billing workflow.

Resend

Purpose
Transactional email delivery for account, invite, sign-off, support and billing messages.
Personal data involved
Recipient email addresses, service-message content, delivery metadata and template references.
When this applies
Used for operational VariationDesk email messages.

Twilio

Purpose
SMS verification, two-step verification and remote sign-off verification where phone/SMS features are enabled.
Personal data involved
Phone numbers, verification metadata, masked destinations and delivery status.
When this applies
Used only where SMS or phone-verification features are enabled for a workspace or user action.

Customer-enabled accounting integrations

Accounting integrations only apply when a workspace owner connects that provider. VariationDesk does not send every workspace's data to every accounting platform.

Xero

Purpose
Accounting connection for draft-invoice export and evidence handoff.
Personal data involved
Accounting tenant identifiers, contact/invoice metadata, export references and evidence attachment metadata where supported.
When this applies
Only used for workspaces that connect Xero.

QuickBooks Online

Purpose
Accounting connection for draft-invoice export and, where supported, evidence attachment upload.
Personal data involved
Company/account identifiers, contact/invoice metadata, export references and evidence PDF attachment metadata where supported.
When this applies
Only used for workspaces that connect QuickBooks Online.

Sage Accounting

Purpose
Accounting connection for contact and draft sales-invoice export.
Personal data involved
Business/account identifiers, contact/invoice metadata and export references.
When this applies
Only used for workspaces that connect Sage Accounting.

FreeAgent

Purpose
Accounting connection for contact and draft-invoice export.
Personal data involved
Account identifiers, contact/invoice metadata and export references.
When this applies
Only used for workspaces that connect FreeAgent.

Changes to this list

We may update this list as the service develops or as customers enable new integrations. Where a change materially affects customer workspace data, VariationDesk will provide notice through the service or customer support channels where appropriate.