Privacy Policy

Legal

Data Subprocessors

Tulipp uses the following third-party providers to operate its platform. All providers are selected to ensure a level of data protection equivalent to our Privacy Policy.

Last updated: July 5, 2026

EU-based providers

ProviderPurposeCategoryLocation
RailwayApplication hosting & infrastructureHostingEU (Frankfurt)
VercelFrontend hosting & CDNHostingEU edge nodes

US-based providers (SCCs / adequacy)

ProviderPurposeCategoryTransfer basis
StripePayment processingPaymentsSCCs
PostHogProduct analytics & session recordingAnalyticsEU cloud (Frankfurt)
SentryError monitoring & performanceErrorsSCCs
OpenAIAI-powered CV analysis & matchingAISCCs
SuperTokensAuthentication & session managementAuthSelf-hosted / SCCs
GoogleOAuth social loginAuthSCCs

Self-hosted / no data transfer

ComponentPurposeNotes
PostgreSQL (via Railway)Primary databaseHosted in EU Frankfurt region
Redis (via Railway)Caching & rate limitingHosted in EU Frankfurt region
International transfers: Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or the provider operates from an EU region with no cross-border transfer of personal data.

Questions? Email us at privacy@tulipp.io · Privacy Policy