Sub-processors

We use the following sub-processors to deliver the Service. We commit to giving 30 days' notice before adding a new sub-processor that will process personal data on Roomfora's behalf. To be notified when this list changes, email privacy@roomfora.com and we'll add you to the notification list.

Each vendor below receives only the data needed for its role and is bound by a data processing agreement with Roomfora. For more on how we share data with these vendors, see our Privacy Policy and Data Processing Addendum.

Current sub-processors

Vendor	Purpose	Data category
Clerk	Authentication & identity	Email address, name, login metadata
Stripe (incl. Stripe Connect)	Payments, payouts, KYC for connected operator accounts	Name, email, business details, payout bank details, card data (tokenized; never touches our servers)
Neon	PostgreSQL database hosting	All application data, encrypted at rest
Vercel	Application & edge hosting	Request logs, IP addresses, deployment metadata
Resend	Transactional email delivery	Recipient email, subject, body
Sentry	Error monitoring & performance tracing	Stack traces, request paths, user ID (no passwords, no payment data)
PostHog	Product analytics & session replay	Page views, clicks, session recordings (sensitive fields masked)

Region and hosting

All sub-processors above are US-based companies. Application data is hosted in the United States (Neon for the database, Vercel for application and edge hosting, including Vercel Blob storage for uploaded media). Some vendors operate global edge networks (Vercel, Stripe), so requests may be routed through points of presence outside the US even though primary processing occurs in the US.

Changes

When we add or replace a sub-processor that processes personal data, we update this page and post the change at least 30 days before it takes effect. If you object to a new sub-processor, contact us at privacy@roomfora.com to discuss alternatives or terminate the affected service.

Last updated: April 25, 2026