Last updated: 2026-05-11
Sub-processors
ResumesTailor engages the third-party service providers listed below (“sub-processors”) to help us operate the Service. Each sub-processor processes personal data on our behalf, on our instructions only, and under a written agreement that requires them to apply appropriate security and confidentiality safeguards.
We review each sub-processor before onboarding and at least annually thereafter. We will update this page before adding or replacing a sub-processor that processes personal data; for material changes we will give at least fourteen (14) days’ notice in-app or by email so you have an opportunity to object.
Infrastructure
| Provider | Purpose | Data processed | Location | Policy |
|---|
| Vercel Inc. | Application hosting, CDN, edge runtime. | All user data in transit; logs. | United States (primary), global edge. | View |
| Supabase Inc. | PostgreSQL database hosting. | All persistent application data: accounts, resumes, cover letters, portfolios, job applications, payments, audit logs. | United States (selected region). | View |
| Upstash Inc. | Redis cache and QStash message queue for rate limiting, caching, and asynchronous job processing. | Ephemeral cache keys (quota counters, idempotency records, optimization job payloads). PII caches are encrypted at rest. | United States. | View |
| Cloudflare Inc. | DNS resolution and edge security (via Vercel). | IP addresses, request metadata in transit. | Global edge network. | View |
AI
| Provider | Purpose | Data processed | Location | Policy |
|---|
| Google LLC — Gemini API | Generative-AI inference for resume / cover-letter tailoring. | Resume content, job description, tailoring preferences. Retained by Google for up to 30 days for abuse monitoring; Google states paid-API prompts are not used to train models. | United States. | View |
Auth
| Provider | Purpose | Data processed | Location | Policy |
|---|
| Google LLC — OAuth | Sign-in via Google OAuth. | Email, name, Google account ID, profile image. | Global Google infrastructure. | View |
Payments
| Provider | Purpose | Data processed | Location | Policy |
|---|
| Dodo Payments | Subscription billing and one-time payments. | Name, billing email, billing address, payment-instrument identifiers (handled by Dodo, not stored by us), subscription state. | Per Dodo Payments processing locations. | View |
Enrichment
| Provider | Purpose | Data processed | Location | Policy |
|---|
| Apollo.io | Referral contact discovery (only when you use the referral search feature). | Company name, role, search criteria you submit; Apollo returns public business-contact data which we cache (encrypted) for up to 24 hours. | United States. | View |
Analytics
| Provider | Purpose | Data processed | Location | Policy |
|---|
| PostHog Inc. | Product analytics (event-level + funnel + session-level metrics). | Only set when the PostHog key is configured for the environment AND you have consented via the cookie banner. Pseudonymous user IDs, event names, page URLs, basic device info. | United States or European cloud (configured per deployment). | View |
Notification of changes
Customers and users who wish to be notified of changes to this sub-processor list can subscribe to updates by emailing support@resumestailor.com with the subject line “Subprocessor notifications”.