Sub-processors — Technical Register¶
INTERNAL · docs.rtopacks.com.au › Data Infrastructure › Sub-processors · Last updated: March 2026
Source of truth: audited directly from rtopacks-site Worker bundle and D1 schema
This document maps each sub-processor to the specific platform functions that call it, what data is transmitted, and where it is stored. The public-facing version of this register lives at trust.rtopacks.com.au/sub-processors.
This document is for internal use only. It contains binding names, endpoint details, and data flow architecture that should not be shared outside the organisation.
1. Cloudflare, Inc.¶
| Field | Value |
|---|---|
| Country | United States |
| Data residency | Sydney colo (SYD) — all D1 and R2 data remains in Australia |
| Relationship | Primary infrastructure provider — all platform Workers run on Cloudflare |
Functions¶
- rtopacks-site Worker: Serves the entire RTOpacks platform (Next.js on Cloudflare Workers)
- rtopacks-db (D1): Primary database — subscribers, users, orders, content, corpus data. ID:
334ac8fb-9850-48c0-9da0-b56c55640e98 - rtopacks-media (R2): Media assets
- rtopacks-output (R2): Generated content output
- Ingest Workers: rtopacks-jsa-ingest, rtopacks-ivi-ingest, rtopacks-osl-ingest, rtopacks-glmd-ingest, rtopacks-vnda-atlas-ingest
- DNS / CDN / DDoS: All RTOpacks zones (rtopacks.com.au, trust.rtopacks.com.au, docs.rtopacks.com.au, media.rtopacks.com.au)
Personal data¶
User email, name, phone (stored in D1, SYD region). All platform data passes through Cloudflare infrastructure by definition.
2. Resend, Inc.¶
| Field | Value |
|---|---|
| Country | United States |
| Binding | RESEND_API_KEY secret on rtopacks-site Worker |
| From address | noreply@rtopacks.com.au (verified domain) |
| Plan | Free tier — 3,000 emails/month |
| Endpoint | https://api.resend.com/emails |
Functions¶
- /api/verify-email: Magic link authentication emails — recipient email address and sign-in link
- /api/subscribe: Subscriber confirmation email — first name and email address
- Admin notifications: New subscriber alert to admin@ucca.online
Personal data transmitted¶
Recipient email address, first name (where provided), time-limited magic link token. Resend logs email events for 3 days on free tier.
3. Stripe, Inc.¶
| Field | Value |
|---|---|
| Country | United States |
| Binding | Stripe publishable + secret keys on rtopacks-site Worker |
| Endpoint | https://api.stripe.com |
Functions¶
- /checkout: Composer subscription payment processing
- /dashboard/pricing: Subscription management and plan changes
- Webhook handler: Stripe event processing (subscription created, payment succeeded, etc.)
Personal data transmitted¶
Email address, payment method details (handled entirely by Stripe — never stored in rtopacks-db). Stripe Customer ID and subscription status are stored locally in rtopacks-db.
4. Twilio Inc.¶
| Field | Value |
|---|---|
| Country | United States |
| Binding | Twilio Account SID + Auth Token on rtopacks-site Worker |
| Endpoints | https://api.twilio.com, https://verify.twilio.com |
Functions¶
- /api/contact: Admin SMS alert on new contact form submission — fires to +61422334489
- /api/subscribe: Admin SMS alert on new subscriber — fires to +61422334489
Personal data transmitted¶
Admin phone number (+61422334489) only — no subscriber or user phone numbers are transmitted at present. Subscriber phone numbers will be stored in rtopacks-db once Brief #REVIEW-SUB-01 is deployed, but no outbound SMS to subscribers is currently planned.
5. Google LLC¶
| Field | Value |
|---|---|
| Country | United States |
| Endpoint | https://accounts.google.com |
| Method | OAuth 2.0 — sign-in with Google |
Functions¶
- /auth flow: Google OAuth sign-in — token exchange returns email address and Google account ID
Personal data transmitted¶
Email address and Google account ID returned via OAuth token. Both stored in rtopacks-db users table. No other Google services are called at runtime.
6. Australian Government — training.gov.au / NCVER¶
| Field | Value |
|---|---|
| Country | Australia |
| Licence | CC BY 4.0 |
| Direction | Outbound read-only — no personal data shared |
Functions¶
- Corpus ingest Workers: Qualifications, units of competency, skill sets, and training packages read from training.gov.au API
- NCVER datasets: Enrolment and graduate outcome data (JSA / VNDA)
Personal data¶
None transmitted. These are read-only data sources. No user data is sent to training.gov.au or NCVER.
7. Australian Government — abr.business.gov.au¶
| Field | Value |
|---|---|
| Country | Australia |
| Endpoint | https://abr.business.gov.au |
| Direction | Outbound read-only — no personal data shared |
Functions¶
- RTO claim/verify flow: ABN lookup and verification during RTO account claim
Personal data¶
None transmitted. ABN is queried, result returned. No user data is sent to ABR.
8. Anthropic, PBC¶
| Field | Value |
|---|---|
| Country | United States |
| Endpoint | https://api.anthropic.com |
| Binding | ANTHROPIC_API_KEY secret on rtopacks-site Worker |
Functions¶
- Composer AI features: AI-assisted features within the Composer — query content transmitted to Anthropic API
Note: The Knowledge Navigator feature does NOT call the Anthropic API. It serves pre-written static Interpretation B content. Only interactive AI features in the Composer transmit data to Anthropic.
Personal data transmitted¶
Query content submitted by the user to AI features. RTOpacks does not persistently store API queries. Anthropic's data retention policy applies independently.
9. Development-time only — not runtime sub-processors¶
The following appear in the platform bundle or development workflow but are not called at runtime and do not process user data:
| Tool | Role |
|---|---|
| Figma | Design tooling — development only, no runtime calls |
| GitHub (uccaonline) | Source control — development only, no runtime calls |
| Tailwind CSS | CSS framework — fully bundled at build time, no CDN calls at runtime |
| Nodemailer | Email library — bundled as dependency but not used; Resend API is used directly |
10. Pending changes¶
The following sub-processor changes are pending deployment (Brief #REVIEW-SUB-01):
- Resend: subscriber confirmation emails will be added to
/api/subscribe - Twilio: admin SMS notification will be added to
/api/subscribe - rtopacks-db: subscribers table will be extended with
first_name,phone,organisationcolumns