Service Provider Registry
Overview
Membership One GmbH operates the Membership One SaaS platform. External service providers are contracted for specialized functions. Cash360, My-Factura, and CashControl are independent companies -- not internal products.
This registry documents all service provider relationships, costs, and integration status.
Reference: Chapter 16 (Startup Operations), MASTERPLAN Step 12.1b.
Service Provider Directory
| # | Provider | Service | Website | Contract Type | Monthly Cost (EUR) | API Integration |
|---|---|---|---|---|---|---|
| 1 | My-Factura | Invoicing, billing, SEPA mandates | www.my-factura.com | SaaS + per-transaction | Variable | Yes (REST) |
| 2 | CashControl | Payment collections, debt collection | cashcontrol.info | Via My-Factura | Included in #1 | Indirect |
| 3 | Hetzner Cloud | Infrastructure hosting (K8s, DB, storage) | www.hetzner.com | Pay-as-you-go | 97.41 | Yes (API) |
| 4 | DATEV | Tax accounting standard | www.datev.de | Via Steuerberater | Included in #5 | Yes (CSV export) |
| 5 | Steuerberater | Tax advisory, monthly bookkeeping, DATEV | -- | Monthly retainer | 300.00 | Manual |
| 6 | Cloudflare | CDN, DNS, WAF, DDoS protection | www.cloudflare.com | Free plan | 0.00 | Yes (API) |
| 7 | GitLab | Source code hosting, CI/CD pipelines | gitlab.com | Free tier (SaaS) | 0.00 | Yes (API) |
| 8 | SMTP Provider | Email delivery (Mailgun or SES) | mailgun.com | Flex plan | 10.00 | Yes (SMTP/API) |
| 9 | Insurance (3 policies) | Betriebshaftpflicht, Cyber, D&O | -- | Annual policies | 100.00 | None |
| 10 | Domain Registrar | membership-one.com + membership.app | -- | Annual registration | 2.50 | None |
| 11 | Vaultwarden | Team password manager (Bitwarden-compatible) | github.com/dani-garcia/vaultwarden | Self-hosted (open source) | 0.00 | None |
| 12 | Icinga | Infrastructure monitoring, SSL cert checks | icinga.com | Self-hosted (open source) | 0.00 | Yes (API) |
| 13 | Dehydrated | ACME client for Let's Encrypt cert renewal | github.com/dehydrated-io/dehydrated | Self-hosted (open source) | 0.00 | Automated |
Monthly Cost Summary
| Category | Items | Monthly Cost (EUR) |
|---|---|---|
| Infrastructure | Hetzner Cloud (#3) | 97.41 |
| Infrastructure | Cloudflare (#6) | 0.00 |
| Infrastructure | Domains (#10) | 2.50 |
| Communication | SMTP Provider (#8) | 10.00 |
| Legal / Tax | Steuerberater incl. DATEV (#4, #5) | 300.00 |
| Legal / Tax | Insurance amortized (#9) | 100.00 |
| Self-hosted | Vaultwarden, Icinga, Dehydrated (#11-13) | 0.00 |
| Payment | My-Factura / CashControl (#1, #2) | Variable |
| DevOps | GitLab (#7) | 0.00 |
| Total Fixed Costs | ~510 | |
| Total incl. marketing, office, contingency | ~802 |
Note: My-Factura and CashControl costs are variable (per-transaction fees) and scale with customer billing volume. They are not included in the fixed cost total. The EUR 802 total includes marketing (EUR 200), virtual office (EUR 30), and contingency (EUR 50) as listed in the full cost breakdown (see marketing-guide.md Section 9).
Integration Status
| Provider | Integration Method | Module | Status | Notes |
|---|---|---|---|---|
| My-Factura | REST API (Consumer, Transaction, Payment, Webhook, Reporting) | membership-payment | Implemented | Cash360PublicApiClient with Resilience4j circuit breaker |
| CashControl | Indirect via My-Factura (SEPA collections, debt collection) | membership-payment | Implemented | No direct API call; CashControl processes via My-Factura |
| Hetzner Cloud | Terraform + Hetzner API (server provisioning, DNS, firewall) | infra/k8s | Implemented | Helm charts deploy to Hetzner K8s |
| DATEV | CSV Buchungsstapel EXTF v700 export | membership-accounting | Implemented | DatevExportService generates DATEV-compatible CSV |
| Cloudflare | API (DNS records, WAF rules, cache purge) | infra/ | Configured | Dehydrated uses Cloudflare API for DNS-01 challenge |
| GitLab | CI/CD pipeline (.gitlab-ci.yml), Container Registry | .gitlab-ci.yml | Implemented | 7-stage pipeline: build to deploy-production |
| SMTP | JavaMailSender (SMTP protocol) | membership-communication | Implemented | EmailSender service, HTML templates via Thymeleaf |
| Vaultwarden | Browser extension + CLI | Team workflow | Deployed | Self-hosted on Hetzner infra node |
| Icinga | HTTP/TCP checks, SSL monitoring | Monitoring stack | Deployed | Checks all external endpoints and cert expiry |
| Dehydrated | DNS-01 ACME challenge via Cloudflare API | TLS certs | Deployed | Daily cron, auto-deploy to Hetzner Load Balancer |
Contract Bundle for Customer Onboarding
When a new customer signs up for Membership One, they enter into a bundled contract covering three service relationships:
| # | Contract | Provider | Signing Method |
|---|---|---|---|
| 1 | SaaS Agreement (AGB) + AVV/DPA | Membership One GmbH | Digital (Click-to-Sign) |
| 2 | Invoicing and billing service agreement | My-Factura | Orchestrated by Membership One |
| 3 | SEPA Lastschriftmandat | CashControl (via My-Factura) | Digital mandate |
This is presented as a single onboarding flow. The customer signs once. Membership One orchestrates all downstream contract creation via API calls to My-Factura.