Subprocessor List

This page describes the subprocessor and connected-service model for Holy Resource.

Because Holy Resource supports both fully local operation and optional connected features, not every customer will use every processing path described here.

When reading this page:

• "Current" means Found CTRL currently evidences the provider in the managed licensing or operations stack.
• "Supported" means the provider is supported in code or configuration, but is not treated here as universally enabled for every customer or every workflow.
• "Customer-configured" means you choose, connect, and control the provider directly.
• Some vendors, especially payment providers, may act partly as processors for merchant data and partly as independent controllers for fraud, compliance, settlement, or network-level operational data under their own legal terms.

1. Confirmed Current Found CTRL-Appointed Subprocessors

The following vendors are evidenced in the current Found CTRL licensing stack and may process personal data when Holy Resource uses Found CTRL-operated licensing, payment, or transactional messaging services.

Neon

• Purpose: hosted PostgreSQL database for the Universal License Server backend that supports licensing, activation, ownership, purchase, messaging, and related operational records.
• Data that may be processed: owner and purchaser contact details, organization or church information, license metadata, purchase and subscription records, payment references, messaging audit records, support-related metadata, and operational logs stored by the licensing backend.
• Location: the current backend environment points to a Neon-hosted database project in AWS eu-west-2.
• Safeguards: Neon documents mandatory SSL/TLS database connections, AES-256 encryption at rest, GDPR-aligned controls, SOC 2 / ISO 27001 / ISO 27701 security measures, and cloud hosting within AWS or Azure data centers with additional options such as IP allowlisting and private networking.
• Reference policies: Neon Security & Compliance

Stripe

• Purpose: subscription billing, payment intents, invoice and receipt generation, and webhook-based purchase fulfillment for the licensing stack.
• Data that may be processed: customer email address, billing and payment data, order and subscription metadata, transaction identifiers, invoice records, device and IP-related anti-fraud signals, and other payment-operational data necessary to process transactions.
• Location: Stripe processes data globally; for customers outside North and South America, the Stripe DPA states the contracting entity is Stripe Payments Europe, Limited, while processing may still involve Stripe, LLC in the United States and other affiliates or subprocessors.
• Safeguards: Stripe publishes a DPA, Data Transfers Addendum, subprocessor list, PCI DSS Level 1 controls, encryption in transit and at rest, and contractual controls for subprocessors with cross-border transfer mechanisms.
• Control boundary note: Stripe's published DPA distinguishes between Stripe acting as a processor for merchant instructions and Stripe acting as an independent controller for some fraud, compliance, and payment-network functions.
• Reference policies: Stripe DPA

Paystack

• Purpose: alternative payment processing, transaction initialization and verification, refunds, and webhook handling for supported purchase flows.
• Data that may be processed: payer contact details, transaction and payment data, order metadata, fraud and verification metadata, and any additional merchant-supplied metadata attached to a transaction.
• Location: Paystack states that it transfers data outside Nigeria and gives AWS in Ireland as an example of its cloud storage location, while also maintaining a published subprocessor list across multiple regions.
• Safeguards: Paystack publishes a DPA, a subprocessor list, Binding Corporate Rules for intra-group transfers, written contracts for service providers, NDPA-compliant transfer language, and security commitments including encryption, PCI DSS-aligned controls, and documented breach-notification procedures.
• Control boundary note: Paystack's published terms and DPA describe Paystack as a processor for merchant data in many cases, while also reserving controller-like responsibilities for parts of fraud screening, compliance, and payment operations.
• Reference policies: Paystack Terms, Privacy Policy, and DPA entry point

ZeptoMail

• Purpose: API-based transactional email delivery for licensing, verification, and account communications sent by the managed licensing stack.
• Data that may be processed: recipient email addresses, sender details, message content, delivery metadata, and technical diagnostics required to send or troubleshoot the message.
• Location: depends on the ZeptoMail service region and the applicable ZeptoMail account configuration used by Found CTRL.
• Safeguards: the current backend routing layer prefers ZeptoMail as the first managed email provider when it is enabled, and messages are sent through an authenticated API-based transport rather than direct mail exchange from the application server.

Hostinger SMTP

• Purpose: mailbox-hosted SMTP relay profile available to the same licensing and notification stack for transactional communications.
• Data that may be processed: recipient email addresses, sender details, email content, message metadata, and delivery diagnostics handled through SMTP relaying.
• Location: not fixed by product contract in the codebase; use depends on the configured Hostinger mail account and applicable Hostinger infrastructure for that mailbox.
• Safeguards: email is sent over authenticated SMTP with TLS-capable transport in the server implementation. Hostinger legal and privacy terms should be reviewed alongside this page for mailbox-region, transfer, and retention posture.
• Reference policies: Hostinger Privacy Policy

2. Found CTRL-Operated Connected Services

The following Holy Resource service categories may process limited personal data when enabled. These are operated by Found CTRL rather than by an external subprocessor at the product-contract level:

Licensing and entitlement services

• Purpose: license activation, validation, offline lease management, owner verification, invite redemption, and recovery workflows.
• Data that may be processed: owner or purchaser email address, organization name, license identifiers, device-linked state, verification metadata, invite metadata, and anti-abuse or audit signals.

Update and release delivery services

• Purpose: release checks, updater metadata access, authenticated update delivery, and related security validation.
• Data that may be processed: app version, update channel, device or environment compatibility details, request metadata, locally stored update tokens, download telemetry, and security logs.
• Third-party infrastructure note: public release and download delivery may rely on external hosting or distribution infrastructure for release metadata and installer assets. Those paths usually involve technical request metadata rather than core church records.

Optional sync relay or server-backed sync services

• Purpose: synchronization, queue handling, conflict coordination, peer or server state management, and delivery of branch-scoped updates.
• Data that may be processed: records transmitted through sync, record metadata, conflict state, device identifiers, timestamps, and operational logs.

Support and troubleshooting workflows

• Purpose: respond to support inquiries, investigate incidents, and resolve technical issues.
• Data that may be processed: support contact data, logs, screenshots, diagnostics, and any records you voluntarily provide for troubleshooting.

3. Supported but Not Universally Enabled Providers

The license server codebase also contains support for additional providers that may be enabled by configuration, but are not treated on this page as universally active subprocessors unless and until Found CTRL enables them in production for the relevant service path.

Email and messaging providers supported by the current licensing stack

• Resend SMTP
• Custom SMTP
• Telnyx
• Plivo
• Africa's Talking

These providers may process recipient identifiers, message content, sender configuration, routing information, delivery status, and related communication metadata when enabled.

4. Customer-Configured Providers

The following providers or provider categories may process personal data when you enable them. In many cases, these are configured directly by you and are not appointed by Found CTRL as subprocessors unless Found CTRL is explicitly routing the request through its own managed service.

Payment gateways supported by the app

• Stripe
• PayPal
• Flutterwave
• Custom or self-selected gateways

Purpose: donor-facing payment links, checkout, gateway event handling, reconciliation, and donation workflow integration.

Data that may be processed: donor identifiers, donation or transaction metadata, billing details, gateway configuration data, and payment-status information.

Messaging and email providers configured by the customer

• Custom SMTP servers
• Supported API-based email providers
• Supported API-based SMS providers

Purpose: transactional messages, announcements, notifications, automations, reminders, and other communications you initiate.

Data that may be processed: recipient identifiers, sender configuration, message content, attachments, routing data, delivery status, and failure metadata.

Presentation or worship-production products you choose to connect

• ProPresenter
• Other future third-party presentation bridges if and when Holy Resource adds them

Purpose: local presentation control, slide-state reading, lyric mirroring, playlist browsing, stage-message actions, and related in-room workflows.

Data that may be processed: slide text, playlist names, stage-message state, live presentation status, connection metadata, and any mirrored content the local operator device chooses to share with other Holy Resource devices.

Control boundary: for the Worship Flow LAN bridge itself, this data flows directly between your Holy Resource device and the third-party presentation product on your own network. That local bridge does not make the presentation vendor a Found CTRL-appointed subprocessor for the Holy Resource sync path. If you separately use the vendor's website, downloads, licensing portal, support tools, cloud services, or account systems, those interactions are governed by that vendor's own terms.

AI providers configured by the customer or feature administrator

• Customer-selected model or AI gateway provider

Purpose: drafting, summarization, automation, and other AI-assisted features.

Data that may be processed: prompts, contextual text, and generated outputs necessary to provide the enabled AI feature.

5. International Transfers

Some connected services and customer-configured providers may process data outside your home jurisdiction. Where Found CTRL appoints a subprocessor for processing covered by our DPA, we will use a lawful transfer mechanism where required. For customer-configured providers, and for third-party product accounts you access directly, you are responsible for reviewing and approving the provider terms and transfer safeguards that apply to your own configuration.

6. Updates to This Page

We may update this page as Holy Resource's hosted architecture, processing flows, or provider relationships change. Material updates will be reflected here before or when the relevant provider begins processing applicable data.

7. Contact

For questions or objections relating to this page, contact:

Found CTRL Limited
Registered in England & Wales (No. 17079973)
Email: holyresource@foundctrl.com
Website: foundctrl.com