Know where every piece of user data lives - shippingszn launch readiness
The moment you collect an email, payment, file, prompt, or user profile, you need to know where it goes. 'It is somewhere in Supabase' or 'Vercel handles it' is not enough when a user asks for deletion or a platform asks for your privacy details.
Legal pages only protect you if they match reality. If your app sends user data to Stripe, OpenAI, Resend, Sentry, PostHog, Supabase, Firebase, Neon, or a support inbox, those processors and regions have to be known before launch.
Owner verification required: Data location depends on live provider dashboard settings, regions, processors, and retention choices. Static repo scanning can infer likely services, but it cannot prove where provider-held data physically lives or whether privacy disclosures match reality.
The Launch Fix Kit keeps scan-specific findings, file and line evidence, AI-builder punch-list tasks, and verification steps tied to the paid report.
- List every data collection point: signup, checkout, waitlist, contact form, uploaded file, AI prompt, analytics event, error log, support request.
- For each one, write where it is stored first, which third parties receive it, and how long it is kept.
- Open provider dashboards and record region/location where available: database, hosting, auth, email, analytics, AI, payments, storage, logs.
- Tie every data store to a deletion/export path so account deletion is not just deleting one database row.
- Update the privacy policy outline so it names the real categories of data, processors, retention, and deletion/export contact.
Run the scanner | Unlock Launch Fix Kit
Canonical URL: https://shippingszn.com/i/data-location-inventory/