Prox OS Internal Docs
TrustReadinessEu

Data Processing Map

Maintain a planning map of personal data categories, processors, and data flows.

Purpose

Maintain a planning map of personal data categories, processors, and data flows.

Draft Processor Map

Processor categoryExample vendor classStageNotes
Hosting/CDNCloudflare or equivalentNow / Founder PreviewReview logs, regions, and Access controls.
DatabaseNeon or equivalentPlatform foundationReview region, backup, and deletion/export behavior.
AnalyticsPostHog or equivalentEarly BetaPrefer privacy-friendly settings and limited capture.
PaymentsStripe, Paddle, Lemon Squeezy, MoRPaid BetaOnly after legal/tax setup is reviewed.
EmailTransactional and waitlist emailEarly BetaKeep unsubscribe and privacy request flows clear.
AI providersOpenAI or regional alternativesFutureAvoid sensitive data until policies and controls exist.

Data Categories

  • Account and profile data.
  • Space and app metadata.
  • Source/deployment metadata.
  • Permission declarations and grant records.
  • Billing and entitlement records when live billing begins.
  • Logs and security events.
  • Support and feedback messages.

Open Questions

  • Which entity is the controller at each stage?
  • Which vendors are processors, sub-processors, or independent controllers?
  • Which regions should be default for EU users?
  • What retention periods are acceptable for logs and audit data?

On this page