Current sub-processors
| Provider | Role | Region | Data |
|---|---|---|---|
| Supabase, Inc. | Hosted Postgres database, authentication, file storage. | EU (eu-west-2, London) | All application data: company, recruiter, candidate, portal, telemetry, audit. |
| Vercel Inc. | Application hosting, edge middleware, scheduled jobs. | EU function region where supported; global edge cache. | Request logs (IP, user agent, path). No application state. |
| Anthropic, PBC | Large-language-model API for the candidate AI prep assistant and recruiter content drafting. | United States (transfer covered by Standard Contractual Clauses). | Questions typed into the prep assistant; recruiter-supplied portal grounding text. Anthropic does not train on API inputs. |
| Resend, Inc. | Transactional email delivery (portal invites, stage updates, password resets). | EU region available. | Recipient email, sender identity, subject, body, delivery status. |
| Upstash, Inc. | Rate-limiting and short-lived cache (Redis). | EU region where configured. | IP addresses, portal tokens (hashed), and counters used to throttle abusive traffic. No durable personal data. |
| Functional Software, Inc. (Sentry) | Error reporting. | EU (Frankfurt). | Error stacks and runtime context. Emails and cookie values are scrubbed before send; portal URLs are rewritten to remove candidate tokens. |
| Stripe, Inc. | Payment processing and subscription billing. | Global, with EU data residency for EEA customers. | Recruiter account holder name, billing address, payment method. Card numbers are stored only by Stripe. |

Sub-processor commitments
Each provider above is contracted under terms that require: appropriate technical and organisational security measures, processing only on our documented instructions, notification of personal-data breaches, support for data subject rights, and (where the provider operates outside the UK / EEA) Standard Contractual Clauses for cross-border transfers.
Notification of changes
New sub-processors are added to this page at least 14 days before they begin processing customer data, unless the change is required for security or legal compliance. Recruiter customers may object to a new sub-processor by writing to privacy@candidhq.tech within that window; if we cannot accommodate the objection we will work with the customer to terminate the affected service.
See also: Privacy Policy, Data Processing Agreement, Trust & Security.