Bokko — Sub-processors & Service Providers

Infrastructure and Platform

Provider	Role	Data Categories	Region	Transfer Guarantee
Google Firebase (Google LLC)	Auth, Firestore database, Cloud Functions, Hosting	Guest booking data, provider account data, auth credentials, platform logs	Primarily EU (europe-west1, Belgium); some support operations may touch global infrastructure	SCC (2021/914/EU) + EU–US Data Privacy Framework
Google Calendar API (Google LLC)	Optional calendar sync: (1) business-level — confirmed bookings written to the owner's Google Calendar if enabled; (2) staff-level — staff member's personal Google Calendar free/busy status read for availability blocking, and optionally bookings written to the staff member's personal calendar if the staff member individually enables this	Confirmed booking time and description details; staff calendar free/busy status	Google Workspace / global infrastructure	SCC (2021/914/EU) + EU–US Data Privacy Framework
Google Maps Platform (Places API — Google LLC)	Address autocomplete (optional; in profile and billing fields)	Search characters typed by the user; not linked to booking profiles	Google global infrastructure	SCC (2021/914/EU) + EU–US Data Privacy Framework
Sentry, Inc.	Error monitoring and technical diagnostics. Bokko's configuration uses data minimization (redacting emails, phones, tokens).	Error reports, stack traces, client metadata, technical identifiers (subject to redaction)	May involve processing outside the EEA depending on provider infrastructure	SCC and other compliance guarantees; where applicable, EU–US Data Privacy Framework

Communication

Provider	Role	Data Categories	Region	Transfer Guarantee
Spoje.net, s.r.o. (BulkGate)	Optional SMS reminders before confirmed appointments	Normalized phone number, message content, delivery metadata	EU (Czech Republic) for platform storage; delivery chain may involve third countries	DPA; delivery chain may involve third countries (carriers, aggregators)
Mailjet SAS (Sinch Group subsidiary)	Email notifications (requests, confirmations, status, reminders)	Email address, message content, delivery metadata	Primarily EU (France)	Primarily EEA processing; SCCs applied where necessary

Related Providers

The following providers primarily relate to Bokko's own operations, payments, or networking. Some may process booking-related payment or billing data if the specific integration is activated.

Provider	Role	Data Categories	Region	Transfer Guarantee
Stripe Payments Europe, Ltd. (for EU subscribers)	Processing of subscription fees and optional guest payments (deposits, no-show fees). Inactive during Open Beta.	Billing details, payment metadata (Bokko does not see card numbers). No data shared during Open Beta.	USA / EU	SCC (2021/914/EU) + EU–US Data Privacy Framework
Barion Payment Zrt.	Optional guest payments. Prepared integration; inactive during Open Beta.	Payment metadata, identifiers, payment states. No data shared during Open Beta.	Hungary (EEA)	DPA; EEA-based processing
OTP Mobil Kft. (SimplePay)	Optional guest payments. Prepared integration; inactive during Open Beta.	Payment metadata, identifiers, payment states. No data shared during Open Beta.	Hungary (EEA)	DPA; EEA-based processing
Billingo Technologies Zrt.	Optional invoicing if enabled by the Subscriber.	Billing name, address, email, tax ID, service and price details	Hungary (EEA)	DPA; EEA-based processing
KBOSS.hu Kft. (Számlázz.hu)	Optional invoicing if enabled by the Subscriber.	Billing name, address, email, tax ID, service and price details	Hungary (EEA)	DPA; EEA-based processing
Cloudflare Inc.	DNS management and Cloudflare Web Analytics (cookie-less, aggregated measurement). Script loads only upon consent.	DNS query metadata, aggregated traffic statistics	USA / Global	SCC (2021/914/EU) + EU–US Data Privacy Framework

Transfer Guarantees

Data transfers outside the EEA are based on the following mechanisms:

Standard Contractual Clauses (SCC): Clauses adopted by the European Commission (2021/914/EU) relied upon by relevant providers.
EU–US Data Privacy Framework (DPF): Where the provider is certified under the framework adopted on July 10, 2023.

List of Sub-processors and Service Providers

Infrastructure and Platform

Communication

Related Providers

Transfer Guarantees