Back to home
Security

Data residency

All customer data is stored in the European Union, on Supabase Frankfurt.

Customer data — guests, reservations, vouchers, audit logs, attachments — is stored in the European Union on Supabase Frankfurt (AWS region eu-central-1). Backups are kept in the same region.

Processing

Application servers run inside the EU. Background jobs that produce exports or send transactional email run in the same region. The DineOS team accesses production data only through audited support tooling that records every read operation.

Subprocessors

We use a small set of subprocessors, each with their own data-residency posture. The full list is published in the data processing agreement (DPA) and updated whenever it changes:

  • Supabase — primary database, EU (Frankfurt).
  • Stripe — billing and payments. PII transferred under SCCs.
  • Twilio — SMS delivery. Phone numbers transferred under SCCs.
  • SendGrid — transactional email. Email addresses transferred under SCCs.
  • Anthropic — AI assistant. PII redacted before transmission; zero-retention API mode enabled.
Need a copy of the DPA?
Owners can download the latest DPA from Settings → Security → Data processing.