Third-Party Services
Last updated: April 7, 2026
This document lists the third-party services used across all CHKDSK Labs products and services, including the primary data categories shared and the purpose of each integration. Not every service is used by every product — each entry indicates which projects it applies to.
Vercel
Purpose: Application hosting, CDN, serverless compute, and cookieless web analytics.
Data shared: HTTP request metadata (IP address, headers, request path), anonymized page views, and web vitals performance metrics. No PII is collected by Vercel Analytics.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [ ] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Stripe
Purpose: Payment processing, subscription billing, and usage-based metered billing.
Data shared: Stripe handles all payment information (credit cards, billing addresses) directly. We store only opaque Stripe identifiers (customer ID, subscription ID) and subscription status. No raw card data ever touches CHKDSK Labs infrastructure.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [x] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
GitHub
Purpose: Authentication (OAuth 2.0), repository data access, and webhook event delivery.
Data shared: OAuth tokens (encrypted at rest), GitHub user ID, username, avatar URL, and repository/PR metadata. Source code is never accessed or stored.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [ ] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Neon (PostgreSQL)
Purpose: Primary database hosting for application data.
Data shared: All stored application data. Sensitive credentials are encrypted (AES-256-GCM) before storage. Row-level security (RLS) is enforced where applicable.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [x] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Supabase
Purpose: Database hosting (PostgreSQL) and user authentication.
Data shared: Account data, user-generated content, authentication sessions, and application state.
Applicable projects
- [ ] CHKDSK Labs Website
- [ ] Ridge Sight
- [ ] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Sanity
Purpose: CMS content delivery for published articles and knowledge-base content.
Data shared: Published content only. No user personal data is stored in Sanity.
Applicable projects
- [x] CHKDSK Labs Website
- [ ] Ridge Sight
- [ ] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Vercel AI Gateway
Purpose: Unified API proxy for AI model inference, routing requests to providers operating under Zero Data Retention (ZDR) agreements.
Data shared: Product-specific metadata only (e.g. PR metadata for Ridge Sight, content metadata for ConVersely moderation). No source code, no PII, no raw user content is sent. All data is discarded immediately after inference — it is not stored, logged, or used for model training.
Company policy: All CHKDSK Labs products that use AI inference use only ZDR-compliant models through the Vercel AI Gateway. This is a company-wide requirement, not a per-product decision.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [ ] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Sentry
Purpose: Error monitoring and performance tracking for application reliability.
Data shared: Error messages, stack traces, request metadata (route, status code, response time). No PII, access tokens, or request/response bodies are included. Opt-in via environment variable configuration.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [ ] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
PostHog
Purpose: Product analytics — page views, feature usage, and session data.
Data shared: Page views, feature interaction events, and session metadata. Only active with user consent via cookie banner.
Applicable projects
- [ ] CHKDSK Labs Website
- [ ] Ridge Sight
- [ ] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Slack
Purpose: Support ticket management and optional notification delivery.
Data shared: Support ticket content (name, email, subject, messages) for ticket management. Notification digests (alert counts only, no PR details) for opt-in notification delivery. Webhook URLs are encrypted at rest.
Applicable projects
- [x] CHKDSK Labs Website
- [x] Ridge Sight
- [ ] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Pushover
Purpose: Optional push notification delivery for alert digests.
Data shared: Notification digests containing alert counts only. API credentials are encrypted at rest (AES-256-GCM). Opt-in only.
Applicable projects
- [ ] CHKDSK Labs Website
- [x] Ridge Sight
- [ ] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Anthropic
Purpose: AI language model inference for conversational and generative features.
Data shared: User message content and conversation context required to fulfill inference requests. No data is retained by Anthropic beyond the scope of a single API call under our agreement. No PII beyond what users voluntarily include in messages.
Applicable projects
- [ ] CHKDSK Labs Website
- [ ] Ridge Sight
- [ ] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [x] CrabTalk
- [ ] Pomotok
Fly.io
Purpose: Static site hosting and long-running service infrastructure.
Data shared: HTTP request metadata (IP address, headers, request path). No PII is collected at the infrastructure level.
Applicable projects
- [x] CHKDSK Labs Website
- [ ] Ridge Sight
- [ ] Refresso
- [ ] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [ ] CrabTalk
- [ ] Pomotok
Cloudflare
Purpose: Application hosting via Pages, serverless compute via Workers, object storage via R2, and relational database via D1.
Data shared: HTTP request metadata (IP address, headers, request path), application data stored in R2/D1 as required per product. Cloudflare acts as both a network intermediary and a data processor for stored content.
Applicable projects
- [ ] CHKDSK Labs Website
- [ ] Ridge Sight
- [ ] Refresso
- [x] ConVersely
- [ ] HissCheck
- [ ] L-BOM
- [ ] GUI-BOM
- [x] CrabTalk
- [ ] Pomotok
Summary
| Service | Purpose | Data Categories | Required |
|---|---|---|---|
| Vercel | Hosting, CDN, analytics | Request metadata, anonymized analytics | Product-specific |
| Fly.io | Static site & service hosting | Request metadata | Product-specific |
| Cloudflare | Pages, Workers, R2, D1 | Request metadata, application data | Product-specific |
| Stripe | Payment processing | Customer ID, subscription status | For paid products |
| GitHub | Authentication, repository access | OAuth tokens, user profile, PR metadata | Product-specific |
| Neon | Database hosting | Application data (encrypted) | Product-specific |
| Supabase | Database, authentication | Account data, content, sessions | Product-specific |
| Sanity | CMS content delivery | Published content | Product-specific |
| Vercel AI Gateway | AI inference (ZDR) | Product metadata (no source code/PII) | Product-specific |
| Sentry | Error monitoring | Error reports, performance traces | Recommended |
| PostHog | Product analytics | Page views, feature usage | Consent-based |
| Slack | Support, notifications | Ticket content, alert digests | Conditional |
| Pushover | Push notifications | Alert digests (counts only) | Optional |
| Anthropic | Plugin Hosting | Published Content | Product-specific |
Integration Notes
- No cardholder payment data is processed by any CHKDSK Labs infrastructure. Only non-sensitive identifiers from Stripe-hosted checkout are stored.
- All AI inference across CHKDSK Labs products uses the Vercel AI Gateway with Zero Data Retention models exclusively.
- All third-party services are selected based on their security posture and compliance with applicable data protection regulations. We review our third-party integrations annually or when a new service is added.
Processor Change Policy
This page is updated whenever a new third-party processor is added or when an integration materially changes the categories of data processed.