Meng Tech LLC (operator of Fusion Link) engages the third-party providers listed below to deliver the platform. This page is authoritative — it is updated alongside the code that engages each provider, not separately. Last updated: 2026-06-21.
Vendors connecting a mailbox via the email-to-booking feature introduce additional sub-processors (Aurinko + an LLM provider). Those are scoped to that feature only — vendors who don't opt in are not exposed to them.
Email API + OAuth token storage. Powers the vendor email-to-booking inbox.
Mailbox metadata + message bodies for connected vendor inboxes; OAuth refresh tokens.
LLM extraction (text + multimodal vision).
Redacted email subject + body + attachment images at extraction time. PII (passport/NRIC/phone/email/credit card) is hashed and tokenised before the prompt is sent. Calls route through Vercel AI Gateway with zero data retention at the gateway layer; the provider's own retention is governed by Moonshot's privacy policy.
LLM extraction (text-only fallback path).
Redacted email subject + body at extraction time when the text-only path runs. Same PII redaction as Moonshot. Routes through Vercel AI Gateway with zero data retention at the gateway layer.
Application hosting + AI Gateway + serverless functions.
All inbound web requests, application logs, and AI-extraction prompts. Vercel does not persist AI-gateway prompts or responses (zero-retention contract).
R2 object storage for raw email bodies + attachments.
Raw email bodies and attachment binaries. Retention bounded by Fusion Link's retention cron (90 days default, 30 days for rejected drafts).
Google LLC / Microsoft Corporation
United StatesUpstream mailbox providers reached via Aurinko when the vendor connects a Gmail or Microsoft 365 account.
The vendor's mailbox itself. Fusion Link only ever accesses the read-only Mail.Read scope granted at OAuth time.
European Union (data residency, Frankfurt); United States (operator) First-party product analytics, session replay (web only), feature flags, and web-vitals capture. EU Cloud region.
Pseudonymised product-interaction events (page views, clicks, feature usage, web-vitals timings) keyed to the Firebase user identifier for signed-in users, or to an anonymous visitor identifier on marketing pages after cookie-banner consent. Sensitive UI (wallet balances, ledger amounts, driving-licence numbers, NRIC/ID documents) is masked from session replay via maskTextSelector + maskAllInputs.
Crash and error monitoring. Captures exceptions and runtime errors from web and mobile clients.
Error stack traces, breadcrumb event trails, device/browser information, IP address, and the Firebase user identifier of the affected user. No financial figures or document numbers are sent in the payload.
SMS one-time-password delivery for driver and customer phone verification (Twilio Verify).
Phone number and the OTP code at delivery time. Twilio does not receive any other account, vehicle, or trip data.
Transactional + notification email delivery — booking confirmations, invoices, vendor booking-event notifications, contact-form enquiry forwarding, and lifecycle emails.
Recipient address, reply-to address, and the rendered message content at send time — which may include a customer or contact-form submitter's name, email, phone, booking details, and free-text enquiry message.
Right to erasure (GDPR Art. 17)
Vendor admins can purge all email-ingestion data — drafts, attachments, raw bodies — via the platform's purge-all endpoint at any time. Aurinko tokens are revoked on disconnect; storage is then cleaned up on the next retention cron tick (within 24 hours).
Questions about this list? Email
legal@fusionlink.pro.