The third-party processors Bidzo Technologies LLP uses to operate the platform, the data category each handles, and the processing region. Maintained for transparency and for procurement / DPDP review by enterprise customers.
Each entry below names a sub-processor, the data category it handles for Bidzo, and the country / region where the processor stores data. Sub-processors are engaged under written agreements that include confidentiality, security, and DPDP-aligned data-protection obligations. We notify customers of material additions through this page; we recommend reviewing it periodically.
Category: account data, authentication credentials, platform-generated data (bid records, CRM, documents, audit log), file storage. Region: ap-south-1 (Mumbai, India). Role: hosts our Postgres database, authentication service, and object storage. Bidzo runs on a self-hosted Supabase deployment on Indian infrastructure.
Category: request metadata, IP address, user-agent. Region: global edge network with India PoPs. Role: routes traffic from bidzo.app to our origin server through a Cloudflare Tunnel and provides DDoS protection at the edge. Cloudflare does not store request bodies.
Category: recipient email address, email subject and body for transactional notifications (verification, invites, system alerts). Region: United States. Role: delivers transactional email on Bidzo's behalf. Marketing email is not handled by Resend.
Category: payer name, email, phone, transaction amount, payment method metadata. Region: India (RBI-regulated localization). Role: processes subscription and one-time payments for Indian customers. Bidzo does not store full card numbers; tokenized references only.
Category: payer name, email, transaction amount, payment method metadata. Region: United States. Role: will process international payments once merchant approval lands. Until then, PayPal is named here for transparency but is not active.
Category: business email correspondence sent or received through bidzo.app addresses (e.g., contact@, data@), associated calendar and document content for our internal operations. Region: United States with global edge caching; Google offers data-region controls we apply where available. Role: hosts our business email (Gmail), shared documents (Drive), and calendars used to operate the company. Customer personal data is not routinely stored in Workspace; only correspondence-incidental data (e.g., a support email you send to [email protected]) is processed there.
Category: messages and prompts you submit to the AI assistant, plus the bid or document context you have explicitly attached. Region: depends on the active provider; typically United States. Role: generates responses for the in-app AI assistant. We do not allow providers to use your data to train their models, and we apply per-organization token caps to limit exposure. The current active provider is disclosed in-app.
Category: recipient phone number, message body, delivery metadata for transactional WhatsApp notifications. Region: depends on Business Solution Provider (BSP). Role: delivers WhatsApp messages on Bidzo's behalf. Used only for messages your organization initiates or where the recipient has opted in.
Category: stack traces, browser metadata, user-agent, URL. Region: United States. Role: captures application errors so we can fix bugs. Personal data in error contexts is scrubbed where reasonably possible. We do not log request bodies to Sentry.
Material additions or replacements of sub-processors are reflected on this page. The 'last updated' line below tracks the most recent change. Enterprise customers under a written data-processing agreement may also receive direct notice as their contract requires.
Reach our DPO at [email protected] or talk to a founder. Transparency is operating discipline, not a marketing line.