Subprocessors
Effective date: 23 June 2026
Zesty uses third-party providers to operate, secure, support, and improve the service. This page describes the providers that may process account, restaurant, customer, staff, operational, support, technical, or billing data.
Current providers
| Provider | Purpose | Data processed | Notes |
|---|---|---|---|
| Dokploy and hosting infrastructure | Run Zesty web, API, deployment, and service infrastructure | Account, restaurant, technical, log, and operational data required to serve the application | Production infrastructure provider |
| PostgreSQL | Store application records | Organization, branch, user, order, payment state, inventory, support, audit, and security records | Primary application database |
| Valkey | Support sessions, queues, caching, and rate limits | Session, queue, rate-limit, and operational metadata | Short-lived operational data |
| MinIO-compatible object storage | Store uploaded files and generated exports | Menu images, logos, white-label assets, exports, support attachments, and related metadata | Objects remain private unless configured otherwise |
| Better Auth | Provide login, sessions, passkeys, password reset, and organization access controls | Identity, account, session, device, and security metadata | Authentication framework used by Zesty |
| Resend | Send transactional email | Email addresses, message content, delivery metadata, and communication preferences | Used when email delivery is configured |
| MSG91 | Send OTP and operational messages | Phone numbers, OTP metadata, message content, and delivery status | Used for phone-based staff login and notifications where enabled |
| Razorpay | Process payments, refunds, webhooks, and reconciliation | Payment identifiers, transaction state, billing details, webhook payloads, and provider metadata | Used for online payments where enabled |
| OpenAI | Support optional AI-assisted workflows | Prompt, generated text, menu, support, or operational content submitted for AI processing | Used only where AI features are enabled |
Provider review
Before adding a material provider, Zesty should review:
- the purpose and data categories involved;
- security posture and access controls;
- retention and deletion behavior;
- incident notification obligations;
- whether customer-facing policy updates are required.
Changes
Provider names and infrastructure choices may change as Zesty evolves. Material changes should be reflected by updating this page or notifying affected customers through an appropriate channel.
Contact
For subprocessor questions, use Contact Zesty or contact hello@zesty.id.