Core platform data
Account identifiers, profile fields, KYC/business verification records when submitted, content records, usage logs, wallet/accounting records, and support/contact data.
This page summarizes infrastructure, payment, email, AI, analytics, and integration processors used or planned by TrueLink. Unknown regions, contracts, and DPA status are intentionally marked as to be confirmed.
TrueLink uses account-linked data to provide authentication, trust verification, content tools, SEO/GEO analysis, billing, support, security, and product operations.
Account identifiers, profile fields, KYC/business verification records when submitted, content records, usage logs, wallet/accounting records, and support/contact data.
Payment status, media uploads, AI prompts/outputs, SEO scan targets, search metrics, email delivery metadata, LINE/OAuth identifiers, and notification tokens depend on feature use.
Formal DPA coverage, region selection, retention schedules, and cross-border transfer documentation still require legal and account-level confirmation before stronger public claims.
Status labels separate active or configured providers from conditional integrations and roadmap-only providers.
| Provider | Status | Purpose | Data categories | Region / DPA note | Repo evidence |
|---|---|---|---|---|---|
| Google Firebase / Google Cloud Platform | Current | Hosting, Cloud Functions, Firestore, Storage, Auth, App Check, Secret Manager, logs, monitoring, and scheduled jobs. | Account IDs, profile data, KYC/business records when submitted, content, files, usage logs, security events, wallet/accounting metadata. | Project/account settings and DPA status to be confirmed before public legal claims. | firebase.json, functions/index.js, docs/SAAS_ARCHITECTURE.md |
| Google APIs / OAuth / Search Console / Business Profile | Conditional | Google login and optional SEO/business integrations where users authorize access. | OAuth identifiers, authorized property/business metrics, search performance metrics, and related integration metadata. | User authorization scopes and account settings to be confirmed per integration. | functions/routes/auth.js, functions/routes/analytics.js, functions/routes/seoRadar.js |
| Google AI / Vertex AI / Gemini | Current or conditional | AI help, schema assist, OCR summaries, SEO repair suggestions, and other AI-assisted drafting or analysis workflows. | Prompts, user-provided task context, page snippets, uploaded evidence when a feature requires it, generated outputs, usage logs. | Provider routing and model choices must be recorded per AI workflow; do not claim training or retention terms without account verification. | functions/package.json, docs/AI_GOVERNANCE_AND_DISCLOSURE_STANDARD.md, docs/SECRETS_AND_ENV_MANAGEMENT.md |
| Resend | Current when email features are enabled | Transactional and operational email delivery. | Email address, recipient metadata, subject/body content, delivery status, and email event metadata. | Account region, DPA, and suppression/retention settings to be confirmed. | functions/package.json, functions/index.js, docs/SECRETS_AND_ENV_MANAGEMENT.md |
| ECPay | Current for Taiwan payment flows | Payment order creation, webhook confirmation, subscription/payment status, and accounting reconciliation. | Order IDs, payment status, amount, receipt/payment metadata, user/account identifiers needed for reconciliation. Raw card numbers should not be stored by TrueLink. | Payment merchant contract and processor terms to be confirmed before international payment claims. | functions/routes/payment.js, docs/AUTH_PERMISSION_AND_CRM_IDENTITY_MODEL.md, docs/APP_PRIVACY_DATA_SAFETY_MATRIX.md |
| DataForSEO | Current or conditional for paid SEO/Radar features | Backlink, keyword, rank, and SEO intelligence lookups. | Domain names, target URLs, keyword queries, SEO metrics, cached lookup results, and feature usage metadata. | Account contract, region, and retention terms to be confirmed. | functions/routes/dataForSeo.js, docs/DATAFORSEO_API_GUIDE_AND_STRATEGY.md |
| LINE | Conditional | LINE Login, notifications, official account messaging, and user-selected contact flows where enabled. | LINE identifiers, OAuth metadata, notification or message metadata, and user-provided contact preferences. | Channel settings and messaging terms to be confirmed for each LINE integration. | functions/routes/auth.js, functions/constants/syndication.js, docs/SECRETS_AND_ENV_MANAGEMENT.md |
| OpenAI | Conditional for image-generation workflows | AI image generation where an AI image task explicitly uses OpenAI/gpt-image routing. | Image prompts, generation parameters, task metadata, output references, and usage logs. | Provider account settings and data handling terms to be confirmed before broad public claims. | functions/index.js, docs/SECRETS_AND_ENV_MANAGEMENT.md |
These providers appear in strategy or planning docs but must not be represented as production subprocessors until implemented and verified.