Annex II to the Data Processing Agreement
Sub-processors
Last updated April 2026
We use the carefully chosen third parties below to operate the Glass Book platform. Each is bound by its own Data Processing Agreement and has been assessed for technical and organisational security measures. We will notify subscribers at least 30 days before adding or replacing any sub-processor.
| Sub-processor | Purpose | Location | DPA |
|---|---|---|---|
| Supabase Inc. | Database, authentication and file storage | United Kingdom (eu-west-2) | View |
| Vercel Inc. | Web hosting and edge runtime | United States (with EU data residency) | View |
| Stripe Payments Europe Ltd. | Payment processing for booking deposits | Republic of Ireland | View |
| Resend Inc. | Transactional email delivery | United States (Standard Contractual Clauses) | View |
Notifications
We will notify the account owner by email at least 30 days before any new sub-processor begins processing personal data. If you object to a new sub-processor, please contact us at hello@glassbook.co.uk within the notice period.
Hamr Ltd