Third-Party Integrations

Overview

This document provides a comprehensive list of all third-party services integrated into the Wedissimo platform, their purposes, data processing requirements, and implementation considerations.

Payment Processing

Stripe Connect

• Purpose: Primary payment processing platform for marketplace transactions
• Data Processed: Payment information, transaction history, vendor payouts
• Integration Points:
  • Customer payment collection
  • Commission splitting
  • Vendor account connections (Stripe Connect)
  • Refund processing
  • Payment tokenization for PCI compliance
• Documentation: Stripe Connect Marketplace
• GDPR Compliance: DPA required, EU-US data transfer via Standard Contractual Clauses

Communication Services

Twilio

• Purpose: Multi-channel communication platform
• Data Processed: Phone numbers, message content, delivery status
• Integration Points:
  • WhatsApp messaging for booking notifications
  • SMS notifications (optional)
  • Phone number validation
• Documentation: Twilio WhatsApp Business API
• GDPR Compliance: DPA required, US-based processing with SCCs

SendGrid (Preferred & Current Email Service)

• Purpose: Transactional and marketing email delivery
• Data Processed: Email addresses, email content, engagement metrics
• Integration Points:
  • Booking confirmations
  • Payment receipts
  • Marketing newsletters (with consent)
  • System notifications
• Documentation: SendGrid Email API
• GDPR Compliance: Part of Twilio, covered under same DPA

SendLayer (Current Email Service)

• Purpose: Email delivery service for WordPress integration
• Data Processed: Email addresses, email content, delivery analytics
• Integration Points:
  • Primary email service for WordPress blog setup
  • Connected via WP Mail SMTP plugin
  • Asynchronous email sending for WordPress
  • Backup email service for different use cases
• Status: Active for WordPress, SendGrid preferred for Laravel due to better email templates
• Documentation: SendLayer Email API

ActiveCampaign

• Purpose: Email marketing automation and CRM
• Data Processed: Contact information, email engagement, behavioral data
• Integration Points:
  • Automated email sequences
  • Customer segmentation
  • Lead nurturing campaigns
  • Event-triggered emails
  • Contact management and CRM features
• Documentation: ActiveCampaign API
• GDPR Compliance: DPA required, consent management for marketing emails

Social Media & Marketing

Facebook

• Purpose: Social media integration, marketing, and authentication
• Data Processed: User social profiles, engagement data, authentication tokens
• Integration Points:
  • Facebook Login (OAuth 2.0) for user authentication
  • Single Sign-On (SSO) for quick account creation
  • Social sharing features
  • Facebook Pixel for analytics (requires consent)
• SSO Implementation: Facebook Login SDK for seamless user onboarding

Instagram

• Purpose: Visual content sharing and vendor portfolio display
• Data Processed: User profiles, media content
• Integration Points:
  • Vendor portfolio integration
  • Social sharing features
  • Instagram API for content display

TrustIndex

• Purpose: Google reviews integration and trust widget display
• Data Processed: Google reviews data, review ratings, customer feedback
• Integration Points:
  • Google reviews widget generation
  • External review integration as page widget
  • Trust scoring and display
  • Review data synchronization
• Documentation: TrustIndex Platform
• GDPR Compliance: DPA required for review data processing

Trustpilot

• Purpose: Review platform integration (site presence)
• Data Processed: Customer reviews, ratings
• Integration Points:
  • Trustpilot presence and profile
  • Review collection platform
• Status: Active site presence

Google Services

Google OAuth / SSO

• Purpose: User authentication and single sign-on
• Data Processed: User profile information, email addresses, authentication tokens
• Integration Points:
  • Google Sign-In for user authentication
  • Single Sign-On (SSO) for quick account creation
  • OAuth 2.0 implementation for secure authentication
  • Access to basic profile information (name, email, profile picture)
• Documentation: Google Identity Platform
• GDPR Compliance: Covered under Google Workspace DPA

Google Places API

• Purpose: Location services and venue information
• Data Processed: Location data, venue details
• Integration Points:
  • Venue search and autocomplete
  • Location validation
  • Map display for venues
• Documentation: Google Places API

Google Maps

• Purpose: Map visualization and navigation
• Data Processed: Location data, user interaction with maps
• Integration Points:
  • Venue location display
  • Direction services
  • Interactive map features

Google Meet

• Purpose: Video consultation platform
• Data Processed: Meeting data, participant information, recordings (if enabled)
• Integration Points:
  • Vendor-couple consultations
  • Meeting scheduling integration
  • "Meet Your Supplier" account management
  • Fireflies.ai auto-joining for transcription
• GDPR Compliance: Google Workspace DPA required

Fireflies.ai

• Purpose: Meeting transcription and AI-powered meeting insights
• Data Processed: Meeting recordings, transcripts, participant information
• Integration Points:
  • Auto-joins Google Meet calls on "Meet Your Supplier" account
  • Webhook notifications after transcription completion
  • Integration with Google Gemini for transcript processing
  • Automated transcript archival and processing
• Documentation: Fireflies.ai API
• GDPR Compliance: DPA required, consent for meeting recording

Google Analytics

• Purpose: Website analytics and user behavior tracking
• Data Processed: Usage data, user behavior, conversion tracking
• Integration Points:
  • Website performance monitoring
  • User journey tracking
  • Conversion optimization
• GDPR Requirements: Cookie consent required, anonymize IP addresses

Google Cloud Platform (GCP)

• Purpose: Cloud infrastructure and services
• Data Processed: All platform data (as infrastructure provider)
• Services Used:
  • Cloud Storage (media files)
  • Cloud SQL (database)
  • Cloud Functions (serverless computing)
  • Cloud CDN (content delivery)
• GDPR Compliance: Google Cloud DPA in place

Google Gemini AI

• Purpose: AI-powered features and content processing
• Data Processed: Meeting transcripts, content for analysis, user queries
• Integration Points:
  • Fireflies transcript processing and analysis
  • Decision mediation scripts on server
  • Message archival and transcription processing
  • Content recommendations
  • Smart search features
• Status: Actively implemented and integrated

Infrastructure & Development Tools

Laravel Ecosystem

• Components:
  • Laravel Framework (PHP backend)
  • Laravel Sanctum (API authentication)
  • Laravel Cashier (Stripe integration)
  • Laravel Horizon (Queue management)
  • Laravel Echo (WebSocket events)
• Purpose: Backend application framework

Redis

• Purpose: In-memory data store for caching and sessions
• Data Processed: Session data, cache data, queue jobs
• Integration Points:
  • Session storage
  • Cache layer
  • Queue backend for Laravel Horizon

Pusher

• Purpose: Real-time WebSocket communication
• Data Processed: Real-time message data, connection information
• Integration Points:
  • Real-time chat features
  • Live notifications
  • WebSocket broadcasting

Cloudflare

• Purpose: CDN, DDoS protection, and performance optimization
• Data Processed: Traffic data, cached content
• Integration Points:
  • Content delivery network
  • SSL/TLS termination
  • Web application firewall (WAF)

Docker

• Purpose: Container platform for application deployment
• Integration Points: Development and deployment environments

Terraform

• Purpose: Infrastructure as Code (IaC) tool
• Integration Points: GCP infrastructure provisioning

WordPress Ecosystem (Blog Migration Context)

• Purpose: Content management system for blog during migration to Laravel
• Data Processed: Blog content, user interactions, email subscriptions
• Integration Points:
  • HivePress plugin for marketplace functionality
  • Action Scheduler for asynchronous task queuing
  • WP Rocket for page caching and static HTML generation
  • Automate Woo for abandoned cart recovery
  • PMXC for export functionality
  • WP Mail SMTP for email delivery integration with SendLayer
• Status: Active for blog only, migrating all other functionality to Laravel
• Migration Note: WordPress services are temporary during transition to full Laravel implementation

Monitoring & Analytics

Sentry

• Purpose: Error tracking and performance monitoring
• Data Processed: Error logs, performance metrics, user context, application traces
• Integration Points:
  • Real-time error tracking and alerting
  • Performance monitoring and optimization
  • Application debugging and diagnostics
  • Issue tracking and resolution
• Documentation: Sentry Documentation
• Status: Actively implemented for monitoring
• GDPR Compliance: DPA required for error and performance data

Datadog (Potential)

• Purpose: Application performance monitoring
• Data Processed: Application metrics, logs, traces
• Status: Mentioned for consideration

New Relic (Potential)

• Purpose: Application performance monitoring
• Data Processed: Application metrics, performance data
• Status: Mentioned for consideration

Consent Management

CookieYes

• Purpose: Cookie consent management and GDPR compliance
• Data Processed: User consent preferences, cookie settings
• Integration Points:
  • Cookie banner display
  • Consent preference center
  • Consent record keeping
• Documentation: CookieYes Documentation
• GDPR Features:
  • Automatic cookie scanning
  • Granular consent categories
  • Consent log maintenance

Search & Discovery

Algolia (Potential)

• Purpose: Search as a Service platform
• Data Processed: Indexed content, search queries
• Status: Mentioned as potential search enhancement

Elasticsearch (Potential)

• Purpose: Search and analytics engine
• Data Processed: Indexed content, search queries
• Status: Alternative to Algolia for search functionality

AI & Machine Learning

ChatGPT (OpenAI)

• Purpose: AI-powered messaging and video call transcript processing
• Data Processed: Customer communications, meeting transcripts, user queries
• Integration Points:
  • Enhanced service delivery integration with Gemini
  • Video call transcript processing
  • AI-powered customer communication features
• Documentation: OpenAI API
• Status: Actively implemented
• GDPR Compliance: DPA required for AI processing of personal data

Data Processing Agreements (DPA) Requirements

Critical DPAs Needed

1. Stripe - Payment processing and financial data
2. Twilio - Communications and personal data
3. Google Workspace - Google Meet and collaboration tools
4. Google Cloud Platform - Infrastructure and data storage
5. SendGrid - Email communications
6. ActiveCampaign - Email marketing and CRM data
7. Fireflies.ai - Meeting recordings and transcription data
8. ChatGPT (OpenAI) - AI processing of customer communications
9. Sentry - Error tracking and performance data
10. TrustIndex - Review and customer feedback data
11. CookieYes - Consent management

Secondary DPAs (As Implemented)

• Facebook/Meta (for social integrations)
• Trustpilot (for review platform presence)
• SendLayer (for WordPress email delivery)
• Cloudflare (if used for CDN/security)
• Pusher (for real-time features)
• WordPress ecosystem plugins (for blog functionality)
• Any additional monitoring services (Datadog, etc.)

Implementation Priority

Phase 1 - Core Services (Immediate)

• Stripe Connect for payments
• SendGrid/SendLayer for email
• Google Cloud Platform infrastructure
• CookieYes for consent management

Phase 2 - Communication Enhancement

• Twilio WhatsApp integration
• Google Meet for consultations
• Pusher for real-time features

Phase 3 - Analytics & Optimization

• Google Analytics (with consent)
• Google Places/Maps APIs
• Monitoring services (Sentry/Datadog)

Phase 4 - Advanced Features

• AI integrations (Gemini/OpenAI)
• Advanced search (Algolia/Elasticsearch)
• Social media integrations

Security Considerations

API Key Management

• Store all API keys in environment variables
• Use secret management services (Google Secret Manager)
• Implement key rotation policies
• Separate keys for development/staging/production

Data Transfer Security

• Enforce HTTPS for all external API calls
• Implement request signing where supported
• Use webhook signature verification
• Implement rate limiting for API endpoints

Compliance Requirements

• Maintain audit logs for all third-party data transfers
• Implement data minimization (only send required data)
• Ensure right to deletion can be propagated to third parties
• Regular security assessments of third-party integrations

Monitoring & Maintenance

Integration Health Checks

• Implement automated monitoring for each service
• Set up alerts for service disruptions
• Maintain fallback options for critical services
• Regular review of API usage and limits

Documentation Requirements

• Maintain up-to-date integration documentation
• Document data flow for each service
• Keep record of configuration changes
• Regular review of third-party service updates

Cost Management

Usage Monitoring

• Track API usage for metered services
• Set up billing alerts
• Regular review of service utilization
• Optimize API calls to reduce costs

Service Evaluation

• Quarterly review of service effectiveness
• Cost-benefit analysis for each integration
• Consider alternatives for underperforming services
• Negotiate enterprise agreements where applicable