Check-in Pax Subprocessors
Effective Date: 15 December 2025
1. Infrastructure Subprocessors
Explanation: These subprocessors provide the fundamental hosting, network, and storage infrastructure that powers your application. They process all data (both organizer and guest) at the infrastructure level, typically treating it as encrypted, opaque data. They do not access the content of the data for their own purposes, and human access is strictly limited to technical support and security incident response.
| Subprocessor | Purpose | Location | Data Processed |
| Amazon Web Services (AWS) | Cloud hosting infrastructure, including EC2 (compute), S3 (object storage), RDS (databases), and related services | Hong Kong (primary) | All application data, including organizer accounts and guest PII. Encrypted at rest and in transit. Transfers governed by Standard Contractual Clauses (SCCs). |
| Cloudflare, Inc. | Content Delivery Network (CDN), DDoS protection, and SSL/TLS termination | Global edge network | Website traffic metadata, IP addresses, and cached static content. Does not persistently store guest PII. |
2. Subprocessors Handling Direct Client Data (Organizers Only)
Explanation: These subprocessors process data strictly related to your direct business relationship with organizers. This includes organizer account information, billing details, communications with your team, and internal analytics about organizer behavior. These subprocessors do not process guest data (attendee PII uploaded by organizers). Their access is limited to the organizer-facing side of your platform.
| Subprocessor | Purpose | Location | Data Processed |
| Brevo (formerly Sendinblue) | Organizer email communications, automated system emails, marketing communications, and CRM for organizer relationship management | Europe (Belgium) | Organizer name, email address, business details, and communication preferences. Used exclusively for organizer-facing outreach. Data remains within Europe. |
| Google, Inc. | Google Workspace (email, calendar, docs) for internal team communications and organizer support | Asia Pacific (Singapore/Taiwan) | Organizer name, email address, and support ticket content when assisting with organizer accounts. Covered by separate Data Processing Agreement (DPA). |
| Stripe, Inc. | Payment processing for organizer subscriptions and event ticket revenue | USA | Organizer billing information, payment method details, transaction history, and payout information. Registered under EU-U.S. Data Privacy Framework (DPF). |
| Xero | Accounting and financial reconciliation | USA | Organizer invoice data, transaction records, and business entity information for accounting purposes. Registered under EU-U.S. Data Privacy Framework (DPF). |
| Beefree | Email template builder for organizer communications | Europe (Ireland) | Organizer email template designs and metadata. No guest PII is processed. Registered under EU-U.S. Data Privacy Framework (DPF). |
| Product Fruits | User onboarding tool for organizer dashboard | Europe | Organizer user behavior within the dashboard, feature usage, and onboarding progress. No guest data is accessed. DPA and Standard Contractual Clauses (SCCs) in place. |
| Google, Inc. | Google Analytics (organizer dashboard only) & Google Ads | Worldwide | Organizer behavior analytics within the dashboard and advertising targeting data. Configured to exclude guest-facing pages. Registered under EU-U.S. Data Privacy Framework (DPF). |
| Google Cloud | Storage and processing for organizer-related data (separate from guest data infrastructure) | Asia-east2 (Hong Kong) | Organizer account data, business documents, and configuration files. Segregated from guest data storage. |
| CookieYes | Cookie consent management on organizer-facing pages | Europe | Consent preferences and anonymized usage data related to cookie compliance. DPA and Standard Contractual Clauses (SCCs) in place. |
3. Subprocessors Touching Client’s Guest Data
Explanation: These subprocessors process the personal data of event attendees (guests) uploaded by your organizers. This is the highest-risk category, as it involves third-party data for which your organizers are the controllers. All subprocessors in this category have signed Data Processing Agreements (DPAs) and are subject to stricter security and compliance requirements. Organizers using your platform to email guests will have their guest data processed by these subprocessors.
| Subprocessor | Purpose | Location | Data Processed |
| Brevo (formerly Sendinblue) | Email delivery for event campaigns initiated by organizers to their guests | Europe (Belgium) | Guest name, email address, and event-specific data (e.g., ticket information, event reminders). Organizers use Brevo via your integrated API to send communications to their attendees. Registered under EU-U.S. Data Privacy Framework (DPF). Note: Data is segregated from Brevo’s organizer-facing use. |
| AWS (covered in Infrastructure) | Storage and processing of guest data | Hong Kong | All guest PII uploaded by organizers, including names, emails, dietary restrictions, check-in status, and custom fields defined by organizers. Transfers governed by Standard Contractual Clauses (SCCs). |
___
Summary Notes
| Category | Description |
| Infrastructure | Foundational hosting and delivery. Processes all data but with no purposeful access. |
| Organizer Data Only | Supports your direct client relationship. No guest data exposure. |
| Guest Data | Handles attendee PII. Highest scrutiny. Requires explicit DPA for each. |
Data Transfer Safeguards Legend
| Mechanism | Description |
| EU-U.S. Data Privacy Framework (DPF) | Subprocessor is certified under the EU-U.S. Data Privacy Framework, providing an adequate level of protection for data transfers from the European Economic Area (EEA), Switzerland, and the United Kingdom. |
| Standard Contractual Clauses (SCCs) | Subprocessor has entered into the European Commission’s approved Standard Contractual Clauses to ensure lawful data transfers from Hong Kong and the EEA. |
| Data Processing Agreement (DPA) | A binding agreement is in place that governs data processing activities and ensures compliance with applicable data protection laws. |
Important Clarifications
- Brevo Dual Classification
- Brevo appears in both Category 2 and Category 3 because it serves two distinct purposes:
- Category 2: Your internal use for organizer communications, marketing, and CRM.
- Category 3: The integrated API feature that allows organizers to email their guests.
- Data segregation is strictly maintained between these two use cases. Guest email data processed via the API is not accessible to your internal marketing or CRM teams.
- Brevo appears in both Category 2 and Category 3 because it serves two distinct purposes:
- Google Cloud Segregation
- Google Cloud is used exclusively for organizer-related data storage and processing.
- Guest data remains within AWS infrastructure and does not flow through Google Cloud.
- AWS Data Transfers
- AWS infrastructure is located in Hong Kong. While Hong Kong is not recognized as an “adequate” jurisdiction under GDPR, transfers are safeguarded by Standard Contractual Clauses (SCCs) in accordance with applicable data protection laws.
- Google Workspace Data Location
- Google Workspace data for your organization is stored in Google’s Asia Pacific data centers (typically Singapore or Taiwan), as Google does not operate a dedicated Workspace data center in Hong Kong.