Skip to content
TapPass Internal

Vendors & third-party services

This is the canonical list. When you add a vendor, add a row here and update the subprocessor list on the trust site.

Infrastructure

Section titled “Infrastructure”

Google Cloud Platform

Section titled “Google Cloud Platform”
UseCore compute (Cloud Run), database (Cloud SQL), secrets (Secret Manager), CI (Cloud Build), artifact registry, KMS, Cloud Storage, uptime monitoring
Projectstappass-prod, tappass-staging
Consoleconsole.cloud.google.com
Account ownerJens (Organization Admin)
BillingLinked to tappass.ai billing account
DPA statusCloud DPA — auto-accepted on sign-up
Blast radius if downEntire platform down (app + DB + auth). SEV1
RecoveryNo practical single-vendor failover — multi-region within europe-west is the tier we plan for. See Infrastructure

Cloudflare

Section titled “Cloudflare”
UseDNS, WAF, edge cache in front of Cloud Run, Pages hosting for tappass.ai, docs, internal-docs, trust; Cloudflare Access gates internal-docs
AccountPro plan, owner: Jens
Consoledash.cloudflare.com
DPA statusCloudflare DPA — signed
Blast radius if downMarketing site + docs go down; app is partially degraded (DNS-only, grey cloud) so eu.tappass.ai may survive CF control-plane outages
RecoveryDNS is the most critical CF dependency; TTLs are 300s so failover would take 5–10min even with ready backup records

Observability

Section titled “Observability”

Sentry (EU)

Section titled “Sentry (EU)”
UseApplication error tracking + performance traces, frontend (React SDK) + backend (Python SDK)
Projectstappass-backend + tappass-frontend (prod) and staging-tappass-backend + staging-tappass-frontend (staging) — split documented here
Hosto4511252151795713.ingest.de.sentry.io (EU region)
Consolesentry.io
DSN storageSecret Manager (tappass-sentry-dsn, tappass-sentry-dsn-frontend) in each GCP project
DPA statusSigned, EU data residency
Blast radius if downWe lose error telemetry — the app keeps serving. No user-facing impact
RecoveryWait; Sentry outages are typically <1h and we don't gate on Sentry availability

PostHog (EU)

Section titled “PostHog (EU)”
UseProduct analytics, session recordings (frontend), feature flags
Hosteu.i.posthog.com (EU region)
Consoleeu.posthog.com
API keyPublic phc_* token — baked into index.html at request time
DPA statusSigned, EU data residency
Blast radius if downWe lose product analytics + feature flags. Flag evaluation falls back to default variant (already tested fallback path)

Email

Section titled “Email”

Resend

Section titled “Resend”
UseTransactional email — agent onboarding, invites, password reset, policy digests
From domainnoreply@tappass.ai + privacy@tappass.ai (DKIM verified)
Consoleresend.com
API keySecret Manager (tappass-resend-api-key) per project
DPA statusResend DPA — signed
Blast radius if downNew-user onboarding emails don't land — fire-and-forget path means the onboard itself succeeds and credentials are shown in-UI. See the demo-day incident for why we isolated this
RecoveryResend maintains ≥99.9% uptime historically. If extended outage, fallback is to manually resend via /api/admin/resend-invite once Resend recovers

LLM providers (runtime data path)

Section titled “LLM providers (runtime data path)”

These are technically customer-brought keys, not vendors of ours — but they're on the runtime data path so downtime affects users.

ProviderRegionConsoleFailure mode
AnthropicUS (EU plan available)console.anthropic.comCircuit breaker in gateway → returns 503 with actionable retry_after
OpenAIUSplatform.openai.comSame
Azure OpenAICustomer-ownedAzure portalSame
Google GeminiUS / EUVertex AI consoleSame
AWS BedrockMulti-regionAWS ConsoleSame

The gateway tracks per-provider circuit state — see tappass/gateway/circuit_breaker.py.

Development & CI

Section titled “Development & CI”

GitHub

Section titled “GitHub”
UseSource, CI (Actions), issue tracking, container signing (cosign via OIDC)
Orggithub.com/tappass
OwnerJens (Org Owner)
DPA statusGitHub DPA — signed
Blast radius if downNew deploys blocked; running prod unaffected. Manual deploy path via wrangler for static sites and Cloud Build for core server

1Password

Section titled “1Password”
UseHuman-accessible secret vault (AWS root, CF root, prod break-glass)
VaultsTapPass / Engineering, TapPass / Operations, TapPass / Legal
OwnerJens (Owner) — every admin has full rights to Engineering+Operations vaults

Linear

Section titled “Linear”
UseIssue tracking, roadmap
Sentry integrationIssues route from Sentry → Linear with SHA context
OwnerJens

Commercial / legal

Section titled “Commercial / legal”

Trust.tappass.ai

Section titled “Trust.tappass.ai”

Subprocessor list is the canonical customer-facing view of this page. When a vendor is added here, it must also be added on trust.tappass.ai/subprocessors within 30 days per DPA obligations.

Ownership & escalation

Section titled “Ownership & escalation”

Primary contact for every vendor is Jens (until we grow). Secondary:

VendorSecondaryReason
GCPJonathanInfrastructure co-admin
CloudflareJonathanDNS + Pages deploy fallback
Sentry / PostHogn/aLow criticality
Resendn/aTransactional only
GitHubJonathanDeploy + release workflow access

If a vendor goes down during an incident, see Incident response — the vendor triage belongs in the status doc timeline so postmortems capture it.

When to add a new row here

Section titled “When to add a new row here”

Any new SaaS that:

  1. Processes customer personal data (becomes a subprocessor), or
  2. Is on the request path (a failure affects users), or
  3. Holds our secrets or infrastructure state.

Analytics-only or internal-only tools (Figma, Notion-equivalents) don't need a row unless they cross one of the three bars.