Sub-Processors
CampOne processes personal data of your guests on your behalf (you as controller, CampOne as processor). To deliver the service we use the sub-processors listed below. Each entry documents location, data category, and contractual basis.
As of: 2026-04-28. We notify you in writing before any change to this list — to opt out of routine updates or to ask for additional context, contact privacy@campone.ch.
| Provider | Role | Data categories | Location | Contractual basis | Status |
|---|---|---|---|---|---|
| Supabase | PostgreSQL hosting + object storage (S3) | All application + booking data, media | AWS Frankfurt region (eu-west-1, Ireland) — EU/EEA | EU SCCs + DPA | DPA signing in progress |
| Railway | Backend hosting (Django, workers) | Application logs, transient request data | EU region | EU SCCs + DPA | DPA signing in progress |
| Vercel | Frontend hosting (CDN, edge) | Request routing, cached content (no DB content) | Global, primary cache EU | EU SCCs + DPA | DPA signing in progress |
| Stripe | Payment processing | Payment-intent references (card data stays at Stripe) | Switzerland / Ireland | Stripe Data Processing Agreement | active |
| Booking.com (OTA integration) | Distribution channel | Booking + guest data for OTA-side reservations only | Netherlands | OTA contract | active when integration is enabled |
| Per-tenant SMTP (your provider of choice) | Email delivery | Recipient address, booking-confirmation content | depends on provider | Contract directly between you and the SMTP provider | tenant-owned contract |
| Groq (optional AI assistant) | LLM inference for customer-support chat | Chat messages within the session | USA | EU SCCs (pending) | only on explicit per-tenant activation |
| Anthropic (optional AI assistant) | LLM inference for customer-support chat (alternative to Groq) | Chat messages within the session | USA | EU SCCs (pending) | only on explicit per-tenant activation |
Notes on US providers
Section titled “Notes on US providers”For transfers to the USA we rely on the EU Standard Contractual Clauses combined with additional technical measures:
- TLS 1.2+ encryption in transit for every transfer.
- Application-level encryption of sensitive data with Fernet (AES-128-CBC + HMAC-SHA256), independent of the provider’s storage security — see Architecture & Controls.
- EU data residency for the database. US-based providers see only cache content (Vercel) or explicitly enabled features (AI assistant).
- Pseudonymisation of guest data in logs and audit trails where technically meaningful.
Machine-readable version
Section titled “Machine-readable version”A machine-readable version of this list is available at /legal/sub-processors.json — suitable for procurement automation and third-party risk tooling.
Change log
Section titled “Change log”| Date | Change |
|---|---|
| 2026-04-28 | Initial publication. DPA signing status will be kept current here. |
Contact
Section titled “Contact”- Privacy enquiries: privacy@campone.ch
- Questions about specific sub-processors: legal@campone.ch