TrustReadinessEu
Data Processing Map
Maintain a planning map of personal data categories, processors, and data flows.
Purpose
Maintain a planning map of personal data categories, processors, and data flows.
Draft Processor Map
| Processor category | Example vendor class | Stage | Notes |
|---|---|---|---|
| Hosting/CDN | Cloudflare or equivalent | Now / Founder Preview | Review logs, regions, and Access controls. |
| Database | Neon or equivalent | Platform foundation | Review region, backup, and deletion/export behavior. |
| Analytics | PostHog or equivalent | Early Beta | Prefer privacy-friendly settings and limited capture. |
| Payments | Stripe, Paddle, Lemon Squeezy, MoR | Paid Beta | Only after legal/tax setup is reviewed. |
| Transactional and waitlist email | Early Beta | Keep unsubscribe and privacy request flows clear. | |
| AI providers | OpenAI or regional alternatives | Future | Avoid sensitive data until policies and controls exist. |
Data Categories
- Account and profile data.
- Space and app metadata.
- Source/deployment metadata.
- Permission declarations and grant records.
- Billing and entitlement records when live billing begins.
- Logs and security events.
- Support and feedback messages.
Open Questions
- Which entity is the controller at each stage?
- Which vendors are processors, sub-processors, or independent controllers?
- Which regions should be default for EU users?
- What retention periods are acceptable for logs and audit data?