Data Processing Addendum
Please contact us if you would like to review and sign our DPA - either for GDPR (EU or UK) purposes, or for CCPA (California).
Tallyfy complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Tallyfy has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Tallyfy has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Sub-processors
Tallyfy engages the following sub-processors to provide the service. The list reflects sub-processors as of the last update date of this page; we update it whenever a sub-processor is added, removed, or replaced. To receive notification of changes, please contact us.
| Sub-processor | Purpose of processing | Location of processing |
|---|---|---|
| Amazon Web Services, Inc. (AWS) | Primary cloud infrastructure (compute, database, storage, IAM, networking) | United States (us-west-2) |
| Cloudflare, Inc. | DNS management, WAF, CDN, edge compute (Workers), R2 storage | United States (with global edge network) |
| GitHub, Inc. | Source code repository, issue tracking, CI/CD | United States |
| Google LLC (Google Workspace) | Business email, document collaboration, internal communications | United States (with global infrastructure) |
| Recurly, Inc. | Subscription billing and payment processing | United States |
| Help Scout PBC | Customer support help desk and email management | United States |
| DeployBot (Wildbit, LLC) | Deployment automation for staging and production | United States |
| Functional Software, Inc. (Sentry) | Application error monitoring and performance tracking | United States |
| PostHog, Inc. | Product analytics and user behaviour tracking | United States and United Kingdom |
| Simploy, Inc. | HR and payroll administration for U.S.-based personnel | United States |
Each sub-processor is bound by contractual data protection terms equivalent to those in our DPA. Where personal data of EU, UK, or Swiss residents is transferred outside its country of origin, the transfer is governed by the EU-U.S. DPF, the UK Extension, the Swiss-U.S. DPF, or the European Commission's Standard Contractual Clauses, as applicable.