NOTICE. You are currently visiting the staging environment intended for development and testing purposes only.

NOTICE. You are currently visiting the staging environment intended for development and testing purposes only.

An unhandled error has occurred. Reload 🗙

Third-Party Provider List

2025-10-01 (updated 2026-05-22)

Updated: 2026-05-22

Effective from: 2025-10-01

Service: Citizen iD
Contact: hi@citizenid.space

This list summarizes third parties and service providers that may process data in connection with Citizen iD. Roles can vary by feature and by the provider’s own terms. Unless a separate written agreement says otherwise, OAuth/OIDC client applications and Discord communities are independent services/controllers for data they receive and control.

1. Core infrastructure

Provider / system Purpose Data involved Region Role / default treatment
Citizen iD self-hosted production infrastructure Web/app hosting and deployment Service data EU Operator-controlled infrastructure
PostgreSQL / database host Primary persistence Account, RSI, Discord, OAuth, community, app, role, branding, and support-related records EU Processor/service provider or operator-controlled, depending deployment
Redis/cache Cache, SignalR/backplane, transient operational state Cache/session/backplane data EU Processor/service provider or operator-controlled, depending deployment
Logs, metrics, traces / Grafana-LGTM/OpenTelemetry Observability, debugging, reliability, security Request metadata, logs, traces, metrics EU Processor/service provider or operator-controlled, depending deployment
Backup storage Continuity and disaster recovery Backed-up service data EU Processor/service provider or operator-controlled, depending deployment
Cloudflare CDN, routing, availability, network/security functions Browser request metadata, IP address, headers, security/network data Global/EU depending configuration Service provider/processor for Citizen iD-controlled traffic; may act under own terms for network/security processing

2. Identity and integrations

Provider / system Purpose Data involved Region Role / default treatment
Discord Login, linked roles, role sync, nickname sync, support community, bot integrations Discord IDs, usernames, avatars, guild IDs, member IDs, role IDs, linked-role metadata, OAuth tokens/scopes, support messages Provider-controlled Independent platform/controller; integration recipient
Participating Discord servers Community roles, nicknames, moderation, local rules Citizen iD status, verified status, username, display name, public RSI username depending settings/configuration Server/operator-controlled Independent community/controller
Google OAuth Optional login Google account ID, email, name/nickname, avatar Provider-controlled Independent provider/controller
Twitch Optional login Twitch ID, username, avatar, optional email/email verification Provider-controlled Independent provider/controller
RSI / Roberts Space Industries / Spectrum / Star Citizen public sources RSI game-account ownership check and public profile/org sync RSI username, public profile and organization data Provider-controlled Independent provider/controller and public data source
WildKnightSquadron Sentry/Spectrum APIs Star Citizen profile/org data retrieval Public Star Citizen profile/org data Provider-controlled Independent data/API provider
OAuth/OIDC client applications authorized by users SSO and scoped claim disclosure Claims authorized by the user, such as account/profile/email/role/Discord/RSI claims Client-controlled Independent service/controller unless a written agreement says otherwise

3. Analytics, support, and assets

Provider / system Purpose Data involved Region Role / default treatment
PostHog EU Cloud endpoints Product analytics and reliability Cookieless event data, internal subject/account ID for authenticated users, verification-status property EU Processor/service provider for analytics
Discord support and Tickets Bot Support, moderation, content, copyright, privacy, and security request handling Support messages, account identifiers, report details, attachments users provide Provider-controlled Support provider / independent platform depending feature
Google Fonts, if loaded externally Font delivery Browser request metadata such as IP address and user-agent Provider-controlled Independent CDN/provider
jsDelivr, if loaded externally Frontend asset delivery Browser request metadata such as IP address and user-agent Provider-controlled Independent CDN/provider

4. Developer operations and security

Provider / system Purpose Data involved Region Role / default treatment
GitHub / GHCR Source control, CI/CD, container registry Source/build/deployment metadata, container images, CI logs; production personal data is not intended to be stored in CI/CD logs Provider-controlled; self-hosted deployment in EU Developer operations provider
1Password Secrets management Service secrets and credentials, not ordinary user personal data unless stored in secrets by mistake Provider-controlled Security/secrets provider
Self-hosted EU deployment infrastructure Deployment automation Deployment metadata, service configuration EU Operator-controlled infrastructure