Privacy Policy
Last updated: 2026-05-12
1. Plain-language summary
You can read the full policy below. If you only want the substance, this is it.
Vitao is a resume builder. To build and deliver your resume, we process personal data: the contact details and work-history information you put into the resume, the email address you use to sign in, the photo you upload (if any), the payment-related metadata that flows back from Stripe after a purchase, and the technical logs every web service generates. We process this data for one reason: to operate the Service for you.
We do not sell your data. We do not share your data with advertisers. We do not run advertising trackers on the Service. We do not train machine-learning models on the resumes you write or the photos you upload. If we ever decide to do any of those things in the future, we will ask for your separate, informed consent first, and the answer “no” will not affect your access to the Service.
You have the rights the GDPR gives you (and, if you live in California or another U.S. state with a comparable statute, the rights that statute gives you). You can exercise them by emailing privacy@vitao.io.
If you want the detail, the rest of the policy is the detail.
2. Who is responsible for your data
The controller of the personal data described in this policy is:
TYPE10 Media GmbH
Einseleweg 1
81377 München
Germany
Commercial register: Amtsgericht München, HRB 205083
VAT: DE289079639
Managing Director: Christian Neuhäuser
Data-protection inquiries: privacy@vitao.io
General support: support@vitao.io
Statutory imprint: vitao.io/imprint
We have not appointed a formal Data Protection Officer because our processing activities do not meet the thresholds in Article 37(1) GDPR. The privacy@vitao.io address is monitored by the company officer responsible for privacy compliance.
3. Scope of this policy
This policy describes how we process personal data when you use vitao.io, the related apps and domains we operate, and any support, billing, or marketing channels we use to communicate with you. It does not cover websites or services operated by third parties that we link to, even where we name them in this policy. When you follow such a link, that third party becomes the relevant controller or operator for its own processing; please read its privacy notice.
This policy is written for the Service as a whole. Where a particular flow has its own specific notice (for example, the cookie banner shown on first visit), that notice is in addition to, not in place of, this policy.
4. Categories of personal data we process
We process the categories of data described below. The “purpose” and “legal basis” columns are the operative legal classification under GDPR Articles 6 and 9; the prose in each section explains the purpose in plain language.
4.1 Account and identity data
What it is: your email address, the name you put into your resume (which we use as a display name), the language and country signal you provide or that we infer from your browser, and the timestamps of account events (created, last sign-in, magic-link issued, account deleted).
Why we process it: to give you an account, to send you the magic-link email each time you sign in, to communicate with you about the Service (refunds, security notices, terms changes), and to enforce our agreement with you.
Legal basis: performance of the contract you enter into when you start using the Service (Article 6(1)(b) GDPR), and our legitimate interest in operating and securing the Service (Article 6(1)(f) GDPR), balanced against your reasonable expectation that an account-bearing service will retain enough data to recognize you on your next sign-in.
4.2 Resume content
What it is: everything you type, paste, drag, or upload into the resume editor. This typically includes your full name, address, phone number, email address, work history, education, skills, languages, references, hobbies, and a free-form profile or summary section. It will sometimes include sensitive information you choose to include (for example, membership of a religious or political affiliation, a disability declaration in a country where this is conventional, or a date of birth where this is requested by employers in your market). We do not solicit special-category data and we recommend you do not include it, but the Service does not block you from including it.
Why we process it: to render your resume on screen, to lay it out across pages, to produce the downloadable PDF, and to keep your work in progress so that you can come back to it on the next session.
Legal basis: performance of the contract (Article 6(1)(b)). Where you voluntarily include special-category data within the meaning of Article 9 GDPR, the legal basis is your explicit consent under Article 9(2)(a), given by your act of typing the information into the editor with the express understanding (set out here and at the point of input) that the information will be stored as part of your resume.
Other people in your resume. Your Resume Content will often include personal data about third parties — most commonly the name, job title, employer, email address, and phone number of each person you list as a reference. We process that information only to render and store your resume; we do not contact those people, profile them, or use their details for anything else. We rely on your representation that you are entitled to share their details with us — in practice, that you have asked them and they have agreed — and our own legal basis for processing it is our legitimate interest (Article 6(1)(f) GDPR) in providing the resume-building service you asked for. If a referee or other third party objects to our processing of their data, they can write to privacy@vitao.io and we will remove their details.
4.3 Profile photo (optional)
What it is: a photo you choose to upload for inclusion on a template that supports a profile photo. We process it on the server with the sharp image-processing library to honor EXIF orientation, normalize the format to PNG, and resize it to a maximum of 1920×1920 pixels. We store the processed bytes in our object storage and reference them from your resume.
Why we process it: to include the photo on the rendered resume.
Legal basis: performance of the contract (Article 6(1)(b)). The photo is not used for any biometric, recognition, classification, or inference purpose. It is not run through any machine-learning model. The processing is outside the scope of Article 9(1) GDPR.
4.4 Payment metadata
What it is: when you pay, the payment is processed by Stripe (see Section 9). We do not receive your full card number or any other payment instrument details. From Stripe we receive a payment identifier, the amount, the currency, the country and approximate location of the card issuer, the result of the payment (succeeded, declined, refunded), and where applicable a tax-residence signal we use to determine VAT.
Why we process it: to mark your account as paid, to fulfill our VAT and bookkeeping obligations, to issue refunds, and to investigate payment fraud.
Legal basis: performance of the contract (Article 6(1)(b)) for the purchase itself; legal obligation (Article 6(1)(c) GDPR, in combination with §§ 147 AO, 257 HGB) for accounting and tax record retention; and our legitimate interest in fraud prevention (Article 6(1)(f)).
4.5 Communication content
What it is: the body of any email, support request, or refund request you send us, and our reply.
Why we process it: to answer your question, to administer the money-back guarantee, and to keep an internal record of how we handled the request in case it comes up again.
Legal basis: performance of the contract (Article 6(1)(b)) where the communication is about an existing or pending purchase, and our legitimate interest in being able to retrieve the history of a support interaction (Article 6(1)(f)) otherwise.
4.6 Server logs and technical telemetry
What it is: the IP address from which you connect, the user-agent string of your browser, the request path and timing, error stack traces produced by the application, and similar information that any web service automatically produces.
Why we process it: to operate the Service, to detect and respond to abuse and security incidents, to debug errors, and to capacity-plan.
Legal basis: our legitimate interest in operating the Service (Article 6(1)(f)). Logs are aggressively rotated; see Section 11.
4.7 Cookies and similar storage on your device
What it is: a small set of identifiers and state stored on your device by the browser. The detail is in Section 7.
Why we process it: to keep you signed in, to keep your in-progress resume associated with you across sessions, and to remember your choice on the cookie banner.
Legal basis: strictly necessary cookies are processed under Article 6(1)(b) GDPR and are exempt from consent under § 25(2) Nr. 2 TTDSG. We do not currently set any cookies that would require consent. If we ever do, the consent banner will collect that consent explicitly.
5. How we collect personal data
The vast majority of the data we hold about you comes from you: directly typed into the editor, the email field, or a support message. The exceptions are narrow and listed below.
From your browser, automatically. Server logs, the IP address you connect from, and the user-agent string of your browser are produced by the underlying networking stack of any web service. We do not deploy any third-party tracker or pixel that would silently collect additional information.
From Stripe, after you pay. The payment metadata in Section 4.4 is returned to us by Stripe through the webhook described in Section 9. We do not receive your card number.
From AWS SES, when an email bounces or is complained about. When we send a magic link or other transactional email, AWS Simple Email Service tells us whether the message bounced or whether the recipient marked it as spam. We use that signal to suppress further mail to a broken address, not to profile you.
We do not buy personal data from data brokers. We do not enrich your profile from third-party sources. We do not import data from social networks. The Service has no social-login or “import from LinkedIn” feature at launch and we have no plans to add one without your separate consent.
6. What we do not do
This is unusual for a privacy policy and we include it deliberately because the category we compete in has a long history of doing the opposite of what we say below. The statements in this section are binding promises on which you may rely; we will not change them without giving you the same notice we give for material changes elsewhere in this policy (Section 16).
We do not sell your personal data. Not to advertisers, not to data brokers, not to recruiters, not to staffing agencies, not in exchange for money, services, or any other valuable consideration.
We do not share your personal data for cross-context behavioral advertising. We do not run advertising tags on the Service and we do not pass data to ad networks. The Service is paid for by your purchase, not by your attention.
We do not train machine-learning models on your resume content or your photo. Not our own models, not our sub-processors’ models. If we ever introduce a feature that would benefit from training on content of this kind, we will ask for your separate, informed consent before it begins. Declining will not affect your access to the Service.
We do not use your contact details to email you anything you did not ask for. Magic-link sign-in emails, transactional emails about your account, refund correspondence, security and Terms-change notices, and replies to your support requests are part of the Service and you cannot opt out of them while you have an account (you can close the account). Anything else — newsletters, product announcements, market research — is opt-in and you can unsubscribe at any time without losing access.
We do not share resume content with prospective employers, recruiters, or job boards on your behalf. The PDF you download is yours to send wherever you want. We are not a job board and we do not have a “send to employer” feature.
7. Cookies and similar technologies
When you visit the Service, we use a small number of cookies and related browser-storage mechanisms.
Strictly necessary. These keep the Service working and do not require your consent under § 25(2) TTDSG and the equivalent provisions in EEA member states.
- A signed authentication token (vitao_token) that identifies your session, set after you complete the magic-link flow.
- An anonymous-session identifier that ties an in-progress resume to your browser before you provide an email address.
- A cookie_consent flag that stores your choice on the cookie banner so we do not show it again on the next visit, and a paired vitao_consent_sid identifier (a random UUID) used solely to attach your banner decisions to our consent audit log so we can prove what was chosen and when.
Analytics (consent required). When you opt in via the cookie banner, we load Google Analytics 4 (GA4) through Google Tag Manager. GA4 sets two cookies on your device: _ga (a randomized client identifier, retained for 13 months) and _ga_<property-id> (a session counter, retained for 13 months). Data is sent to Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) acting as our processor under Article 28 GDPR. We have configured the GA4 property with IP anonymization, Google Signals off, all advertising features off, granular location collection off, data retention set to 14 months, and the EU data-processing region. We rely on Google's certification under the EU-U.S. Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795) for any onward transfer to the United States; the Standard Contractual Clauses in Google's Data Processing Terms apply as a fallback.
Google receives the same data it would receive on any GA4-instrumented site: a randomized client ID, the URLs you visited, the user-agent string of your browser, an approximate region derived from your IP after anonymization, and a small set of standard event parameters from these named events: page_view, wizard_step_completed, resume_created, download_clicked, and purchase_complete. It does not receive your name, email address, resume content, or any other text you typed into the editor.
You may withdraw consent at any time by clicking Cookie settings at the bottom of any page; on withdrawal we delete the GA cookies and stop sending events. Legal basis: Article 6(1)(a) GDPR (consent) for the analytics processing, plus § 25(1) TTDSG for the storage of the cookies on your device.
Before consent, Google Tag Manager runs in Consent Mode v2 with all storage signals defaulted to denied. In that state Google may receive cookieless modeling pings — anonymous pings that do not set a cookie and do not contain identifiers — that are used to model aggregate trends. If you reject analytics in the banner, modeling pings continue at the same denied level until you change your mind. If this is not acceptable to you, do not load the Service.
Advertising and marketing. None. We do not deploy advertising cookies, conversion pixels, social-media tracking pixels, or remarketing tags. We do not have a Facebook, Google Ads, TikTok, or LinkedIn pixel installed on the Service.
Local storage. A small set of localStorage keys (described in CLAUDE.md, summarized: vitao_token, vitao_resume_id, vitao_pending_email_verification, vitao_pending_dev_link, vitao_consent_sid, cookie_consent) is used for the same operational reasons as the cookies above.
You can delete cookies and local storage at any time through your browser. Deleting the authentication token will sign you out; deleting the anonymous-session identifier before you provide an email will lose the in-progress work that is associated with that identifier only.
8. Automated decision-making and profiling
We do not make decisions about you that produce legal effects or similarly significantly affect you on a basis that is solely automated, within the meaning of Article 22 GDPR. We do not profile you for marketing, scoring, or risk purposes. The Service does not score, rank, or rate the resume you produce.
The PDF render cache (described in Section 4 above and in our engineering documentation) is a deterministic content-addressed short-circuit, not profiling: the same input produces the same hash and the same PDF, every time, with no learning, classification, or inference about you.
9. Recipients and sub-processors
We use a small number of service providers to operate the Service. Each of them processes personal data on our instructions, under a written data-processing agreement that meets the requirements of Article 28 GDPR. The categories are listed below; the named sub-processors at the time of publication are listed in Annex B and will be kept up to date.
Hosting and compute. A managed cloud provider runs the web service, the PDF worker, and the application database that holds your account and resume content.
Object storage. A cloud object-storage provider holds your profile photo (if any) and the rendered PDF files.
Email delivery. A managed email-sending API delivers the magic-link emails, the transactional emails about your account, and the refund correspondence.
Payments. Stripe processes your payment. The full data flow is described in our T&Cs. You provide your payment instrument directly to Stripe; we receive only the metadata in Section 4.4 above.
Customer support tooling. When you contact us at support@vitao.io or privacy@vitao.io, the email lands in the same managed mailbox we use for all human correspondence. We do not currently use a third-party support-ticketing platform.
We do not share personal data with anyone outside this list except: (a) where you have given us specific consent for a particular disclosure; (b) where a competent authority makes a lawful request to which we are obliged to respond; (c) where we are required to protect the rights, property, or safety of the company, our customers, or the public; or (d) in connection with a corporate transaction (merger, acquisition, sale of assets), in which case the acquirer will be bound by this policy or by a successor policy at least as protective.
10. International transfers
We are a German company. Some of our sub-processors are headquartered in the United States and some of the infrastructure they operate is located in the United States. This means your personal data leaves the European Economic Area in the course of normal operation of the Service.
Where the receiving sub-processor participates in the EU-U.S. Data Privacy Framework, we rely on that adequacy decision (Commission Implementing Decision (EU) 2023/1795) for the transfer.
Where a sub-processor is not DPF-certified, we rely on the European Commission’s 2021 Standard Contractual Clauses (Module 2 for controller-to-processor transfers, Module 3 where the sub-processor sub-contracts onward). We have completed a transfer-impact assessment for each such transfer and have applied the supplementary measures the assessment identified.
You can request a copy of the relevant transfer mechanism for any specific sub-processor by emailing privacy@vitao.io.
11. Retention
We keep personal data only as long as we need it for the purposes set out in Section 4, or as long as we are required to keep it by law. The default schedule is below; specific items may be kept longer where this is necessary to defend a legal claim or to comply with a specific legal obligation.
| Category | Retention period |
|---|---|
| Resume content (active accounts) | Until you delete the resume, delete your account, or are deleted under the inactivity rule below. |
| Account record | Until you delete the account or 24 months after your last sign-in (whichever comes first). We send a reminder email at least 30 days before an inactivity-based deletion. |
| Profile photo | Same as resume content. |
| Payment metadata (the operational copy on our side) | 30 days after the relevant purchase or refund completes, then aggregated for fraud-pattern analytics with personal identifiers removed. |
| Accounting and tax records | 10 years from the end of the calendar year in which the transaction occurred (§ 147(3) AO, § 257(4) HGB). |
| Server access logs | 14 days, then aggregated counts only. |
| Application error logs | 30 days. |
| Email-bounce and spam-complaint signals | Retained for as long as we need them to keep suppressing mail to the failed address (in practice, indefinitely for that address). The copy linked to an account is deleted when the account is deleted. |
| Support correspondence | 3 years after the request closes (Verjährungsfrist § 195 BGB). |
| Cookie-consent record | 12 months from the last consent action, then re-prompt. |
| Unsubscribe / opt-out flags | Indefinitely, so we honor your choice if you return. |
When the retention period for a category expires, we delete or irreversibly anonymize the data.
12. Security
We apply the technical and organizational measures expected of a modern, security-aware web service operator, including: TLS in transit on all public endpoints; at-rest encryption on the application database and the object store; least-privilege access control on production systems with multi-factor authentication on every privileged human account; magic-link authentication that removes user-chosen passwords from the threat surface; signed short-lived JWTs for session authentication; isolated container environments for the web tier and the PDF worker; regular dependency upgrades and an automated CVE alerting feed; and immutable infrastructure deploys that allow rollback to a known-good state.
No system can guarantee absolute security. If we discover a personal data breach that creates a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours under Article 33 GDPR and, where the risk is high, will notify you under Article 34 without undue delay.
13. Your rights under the GDPR
If you are in the EEA, the United Kingdom, or Switzerland, you have the rights described below. (If you are in the United States, see Section 14 in addition.)
Right of access (Article 15). You can ask us whether we are processing personal data about you and, if so, to give you a copy together with the supplementary information in Article 15(1).
Right to rectification (Article 16). You can ask us to correct inaccurate data and to complete incomplete data.
Right to erasure (Article 17). You can ask us to delete your data. We will do so unless we have a remaining legal basis to keep it (for example, accounting records of a payment you made), in which case we will delete the parts we are not required to keep and explain which parts we are.
Right to restriction (Article 18). You can ask us to stop processing your data while a dispute about its accuracy or lawfulness is being resolved.
Right to data portability (Article 20). You can ask for a copy of the data you provided to us in a structured, commonly used, machine-readable format. The resume editor exposes a “Download my data” function that fulfills this right for the account-and-resume data; for anything outside that scope, email privacy@vitao.io.
Right to object (Article 21). You can object to processing based on our legitimate interest. Where we are processing your data for direct marketing, your objection takes effect immediately and unconditionally; where we are processing it for any other legitimate-interest purpose, we will assess whether we have overriding compelling grounds and reply to you on that basis.
Right not to be subject to a decision based solely on automated processing (Article 22). As described in Section 8, we do not make such decisions, so this right is not engaged. We list it for completeness.
Right to withdraw consent (Article 7(3)). Where we are processing data on the basis of your consent, you can withdraw the consent at any time, and we will stop. The withdrawal does not affect the lawfulness of the processing that took place before the withdrawal.
Right to lodge a complaint (Article 77). You may complain to a supervisory authority. Our lead supervisory authority is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA). You may also complain to the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement.
How to exercise these rights. Email privacy@vitao.io. Tell us which right you are exercising and, if it would help us identify you, the email address on your account. We will reply within 30 days. If your request is unusually complex or you have made several requests in quick succession, we may extend the response time by up to 60 days, in which case we will tell you within the first 30 days and explain why.
We will not charge for handling your request unless it is manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request, and we will explain why). We will not discriminate against you for exercising any of these rights.
14. Notice to U.S. residents (CCPA / CPRA and analogous state laws)
This section is in addition to, not in place of, the rest of this policy. The terms in quotation marks have the meanings given to them in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), and the analogous state-level statutes in force at the time of the transaction (including, where applicable, Virginia’s VCDPA, Colorado’s CPA, Connecticut’s CTDPA, Utah’s UCPA, Texas’s TDPSA, and Oregon’s OCPA).
Categories of personal information. In the twelve months preceding the date of this policy, we collected the following categories of personal information, the sources of which are described in Section 5:
- identifiers (name, email address, IP address, account identifier);
- categories listed in Cal. Civ. Code § 1798.80(e) (postal address, telephone number, education, employment) — to the extent you put them in your resume;
- internet or other electronic network activity (request paths, timing, user-agent);
- geolocation information at the country level inferred from your IP address;
- visual information (the profile photo, if you upload one);
- professional or employment-related information (the work-history, education, and skills sections of your resume);
- inferences — none. We do not derive inferences from the personal information we collect.
Sale and sharing. We do not “sell” personal information for monetary or other valuable consideration, and we do not “share” personal information for “cross-context behavioral advertising,” in either case as those terms are defined under the CCPA. We have not done so in the twelve months preceding this policy. We therefore do not provide a “Do Not Sell or Share My Personal Information” link; that link is reserved for businesses that engage in those practices, and the absence of the link reflects the absence of the practice.
Sensitive personal information. We do not use or disclose “sensitive personal information” to infer characteristics about you under the CCPA and we therefore do not provide a “Limit the Use of My Sensitive Personal Information” link.
Your rights. Subject to verification, you have the right to:
- know the categories and specific pieces of personal information we have collected about you;
- request that we correct inaccurate personal information;
- request that we delete personal information we collected from you;
- request that we limit our use of sensitive personal information (as described above, this right is not engaged but we list it for completeness);
- not be retaliated against, denied service, or charged a different price for exercising any of the rights above.
How to exercise these rights. Email privacy@vitao.io with the words “U.S. privacy request” in the subject line and tell us which right you are exercising. We will verify your identity to the level of confidence the requested action warrants — typically by sending a confirmation email to the address on your account. You may use an authorized agent; we may require the agent to provide written authorization and may verify the request directly with you.
Response time. We will reply within 45 days. We may extend the deadline by an additional 45 days where reasonably necessary, with notice to you within the first 45 days.
Appeals (where required). If your state’s law provides an appeal right (for example, Virginia, Colorado, Connecticut, Texas) and you are dissatisfied with our response, email privacy@vitao.io with the word “Appeal” in the subject line and we will conduct an internal review and respond within 60 days. If the appeal is denied, you may contact your state Attorney General.
Shine the Light (California Civil Code § 1798.83). We do not share personal information with third parties for their direct marketing purposes. No further disclosure under this statute is required.
15. Children
The Service is not directed to and not designed for users under the age of 16. We do not knowingly collect personal information from anyone under 16. If you are a parent or legal guardian and you believe a child under 16 has provided us with personal information in violation of this policy, email privacy@vitao.io and we will delete it promptly.
For the United States: where the Children’s Online Privacy Protection Act (“COPPA”) applies, we do not knowingly collect personal information from a child under 13 without verifiable parental consent.
16. Changes to this policy
We may update this policy from time to time. If a change is material — for example, we begin using a new category of sub-processor, we add an analytics tool, or we change a retention period in a way that disadvantages you — we will give you at least 30 days’ notice by email and through a prominent notice on the Service before the change takes effect. Non-material changes (for example, fixing a typographical error or updating a contact detail) take effect when published.
We will keep prior versions of this policy available at vitao.io/privacy/archive.
17. Contact
For privacy-related inquiries — exercising any of the rights in Sections 13 or 14, asking for a copy of a specific transfer mechanism, or asking us a question about how we handle your data — email privacy@vitao.io.
For all other matters, see the contact information in our T&Cs and in our statutory imprint at vitao.io/imprint.
Annex A — Glossary
Anonymous user. An account that exists on our servers and holds in-progress resume data but is not yet associated with an email address. Created automatically on first visit. Promoted to a verified account on first magic-link sign-in.
Magic link. A one-time, time-limited URL we email to you at sign-in. Visiting the URL signs you in. We do not use passwords.
Personal data / personal information. Any information that relates to an identified or identifiable natural person, as defined in Article 4(1) GDPR; the corresponding U.S. term is “personal information” as defined in Cal. Civ. Code § 1798.140(v).
PDF render cache. A content-addressed short-circuit that avoids re-rendering an identical PDF; explained in our engineering documentation. Not a profiling, scoring, or inference mechanism.
Resume Content. Defined in our T&Cs (Section 5): the content you put into your resume.
Service. Defined in our T&Cs (Section 1): vitao.io and the related apps and services that link to these documents.
Special-category data. The categories listed in Article 9(1) GDPR (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data uniquely identifying a person, health data, sex life, sexual orientation).
Sub-processor. A service provider that processes personal data on our instructions under a written processor agreement.
Annex B — Sub-processor list (as of 2026-05-12)
This list will be updated as our service-provider stack evolves. Where the change is material under Section 16, we will give 30 days’ notice; where it is the routine substitution of a like-for-like service, we will update this list and announce the change in our changelog.
| Sub-processor | Role | Headquarters | Data location at rest | Transfer mechanism |
|---|---|---|---|---|
| Stripe Payments Europe Ltd (Stripe, Inc. group) | Payment processing | Ireland (group: U.S.) | Ireland; U.S. for some operational subsystems | Stripe processes EU payment data primarily in the EU; U.S. transfers under DPF certification and SCCs |
| Fly.io, Inc. | Application hosting (web, worker, Postgres) | United States | United States (region iad, Virginia) at the time of this draft | DPF certification status to be confirmed; SCCs in place via the Fly.io Data Processing Addendum |
| Tigris Data, Inc. | S3-compatible object storage (resume photos and PDFs) | United States | United States by default at the time of this draft | DPF certification status to be confirmed; SCCs in place via the Tigris Data Processing Addendum |
| Amazon Web Services, Inc. (Simple Email Service, SNS, Lambda) | Transactional email delivery, plus bounce and spam-complaint feedback processing | United States | United States (region us-east-1, N. Virginia) at the time of this draft | DPF certification (AWS) and SCCs |
| Google Ireland Limited (Google LLC group) | Web analytics (Google Analytics 4 via Google Tag Manager) — only after consent | Ireland (group: U.S.) | European Union (data-processing region: eu) | DPF certification (Google LLC); SCCs in place via Google's Data Processing Terms |