Kuppel
Draft This page is under legal review and will be finalised before public launch.

Sub-processors

Last updated: 18 May 2026

Kuppel uses the following third-party service providers (sub-processors) to deliver the app. Unless stated otherwise below, each provider is bound by a data processing agreement and processes personal data only on our instructions. This page is updated whenever we add, remove, or change a sub-processor.

Unless stated otherwise, each provider acts as a processor or sub-processor in relation to the data described. For an explanation of the data we share with each provider and why, see Section 4 of our Privacy Policy.

Supplementary measures across all providers: In addition to the per-provider safeguards listed below, Kuppel applies TLS 1.2 or higher in transit for all data flows; AES-256 encryption at rest for database backups held by third parties; Fernet symmetric encryption for sensitive database fields; hashed (non-reversible) lookups for email addresses and phone numbers; access controls including two-factor authentication for administrative systems and a randomised Django admin URL; and a minimum-necessary data principle applied when specifying what each provider receives.

Cloudflare

Photo storage, encrypted database backup storage, content delivery, CSAM scanning, website hosting, website visitor analytics, and contact-form bot protection.

What they do for Kuppel
Store user photos in R2 object storage, serve static website assets through their global CDN, and scan uploaded photos against industry-standard CSAM hash databases, with confirmed matches reported to the National Center for Missing & Exploited Children (NCMEC) and law enforcement as required by law. Store encrypted backups of Kuppel's production PostgreSQL database in R2 for disaster recovery; backups are encrypted client-side with AES-256 (GPG symmetric) before upload, so Cloudflare stores ciphertext only and cannot decrypt the contents. Host the kuppel.app marketing website (not the Kuppel app itself) via Cloudflare Pages. Collect privacy-friendly, cookie-free visitor analytics for the marketing website through the Cloudflare Web Analytics beacon, which measures aggregated page-view counts and performance timings. Protect the website's contact form against automated submissions via Cloudflare Turnstile, which collects browser fingerprint and visitor IP to distinguish humans from bots.
Data we send them
  • User-uploaded photos
  • Encrypted backups of Kuppel's production PostgreSQL database (containing user profiles, matches, messages, and account records, encrypted client-side with AES-256 before upload)
  • Website traffic metadata (IP address, user agent, request headers)
  • Marketing website visitor metadata (page URL, referrer, timing, visitor IP). The Kuppel app does not send analytics to Cloudflare.
  • Contact-form submissions, including browser fingerprint and IP address for Turnstile bot detection
Role
Processor
Legal entity
Cloudflare, Inc.
Registered office
101 Townsend Street, San Francisco, CA 94107, United States
Company number
Delaware corporation, file number 4710875
Where they process your data
United States, with edge processing across Cloudflare's global network. Photos and encrypted database backups in R2 use Cloudflare's Western Europe location hint, a best-efforts setting that directs Cloudflare to place the data in Western Europe. This is a location hint rather than a jurisdictional lock; Cloudflare may replicate or route objects globally where necessary to operate the service.
Transfer safeguard for UK→US
EU Standard Contractual Clauses with the UK International Data Transfer Addendum. Cloudflare is also self-certified under the EU-U.S. Data Privacy Framework and the UK Extension, providing a second adequacy basis.
Data processing agreement
cloudflare.com/cloudflare-customer-dpa
Security certifications
ISO 27001 ISO 27701 SOC 2 Type II EU-U.S. DPF (UK Extension)

Zoho

Staff mailbox hosting (inbound and outbound).

What they do for Kuppel
Host the Kuppel staff mailboxes used to receive email from users and suppliers and to send replies back. Transactional email sent by the Kuppel app itself (password resets, match alerts, and similar) does not go through Zoho; that is handled by Resend.
Data we send them
  • Inbound email content (sender address, subject, body, attachments)
  • Outbound replies sent from Kuppel staff mailboxes
Role
Processor
Legal entity
Zoho Corporation Limited (the contracting entity for UK and Isle of Man customers)
Registered office
Suite 1.09, Challenge House, Sherwood Drive, Bletchley, Milton Keynes, Buckinghamshire, MK3 6DP, United Kingdom
Company number
UK Companies House 13424508
Where they process your data
United Kingdom (contracting entity). Email content is stored at Zoho's EU region data centres in the Netherlands. Zoho's global support and engineering teams (primarily in India) may access email content when providing technical support.
Transfer safeguard for onward transfers
The immediate transfer to the UK contracting entity is not a restricted transfer. The onward transfer of email content to Zoho's Netherlands data centres is covered by the UK adequacy regulation for the EEA. Onward transfers to Zoho group entities outside the EEA, including Zoho Corporation Private Limited in India, are covered by Zoho's intra-group EU Standard Contractual Clauses with the UK International Data Transfer Addendum.
Data processing agreement
zoho.com/dpa.html
Security certifications
ISO 27001 ISO 27017 ISO 27018 SOC 2 Type II

Render

Backend application hosting and managed PostgreSQL database.

What they do for Kuppel
Run our Django backend application and host the PostgreSQL database that stores all account data. Hosting is in Render's EU Frankfurt region.
Data we send them
  • All account and profile data, encrypted at rest
  • Application logs and operational telemetry
Role
Processor
Legal entity
Render Services, Inc.
Registered office
525 Brannan Street, Suite 300, San Francisco, CA 94107, United States
Company number
Delaware corporation, file number 6728489
Where they process your data
Frankfurt, Germany (data residency). Render's operational and support staff are based in the United States.
Transfer safeguard for UK→US (operational access)
EU Standard Contractual Clauses with the UK International Data Transfer Addendum, incorporated into Render's Data Processing Addendum.
Data processing agreement
render.com/dpa
Security certifications
ISO 27001 SOC 2 Type II HIPAA GDPR

Firebase (Google)

Push notification delivery via Firebase Cloud Messaging.

What they do for Kuppel
Deliver push notifications to your device through the Firebase Cloud Messaging (FCM) HTTP v1 API. We do not use Firebase for authentication, analytics, or storage.
Data we send them
  • Device push notification tokens
  • Notification type (for example, new match, new message)
  • For notifications that include a first name or short message preview, these are sent as part of the FCM data payload, which the Kuppel app renders locally on your device. They are not set as the visible notification body, so they do not appear on your lock screen. Google's FCM infrastructure transmits this payload over TLS and handles it server-side while in transit.
Role
Processor
Legal entity
Google Ireland Limited (the contracting entity for EEA and UK customers)
Registered office
Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland
Company number
Irish CRO 368047
Where they process your data
Republic of Ireland (contracting entity). FCM operates on Google's global infrastructure, which means push messages may transit through Google data centres in the United States and elsewhere. For iOS devices, Google's FCM infrastructure hands the notification over to Apple's Push Notification service (APNs) for final delivery to your phone; APNs acts as an onward processor of the device token and payload in that last step.
Transfer safeguard for UK→Ireland and UK→US
The transfer to the contracting entity in Ireland is covered by the UK adequacy regulation for the EEA. Onward transfers to Google group entities outside the EEA, including the United States, are covered by Google's Standard Contractual Clauses with the UK International Data Transfer Addendum, and by Google's certification under the EU-U.S. Data Privacy Framework (UK Extension).
Data processing agreement
firebase.google.com/terms/data-processing-terms
Security certifications
ISO 27001 ISO 27018 SOC 2 EU-U.S. DPF (UK Extension)

Twilio

Phone number verification by SMS and voice.

What they do for Kuppel
Send one-time passcodes to your phone by SMS during phone number verification, with a voice call as a fallback delivery method.
Data we send them
  • Your phone number, for the sole purpose of delivering the one-time passcode
Role
Processor
Legal entity
Twilio Ireland Limited (the contracting entity for EEA and UK customers)
Registered office
70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland
Company number
Irish CRO 557454
Where they process your data
Republic of Ireland (contracting entity), with global telecommunications routing to deliver the message to your handset. Twilio group operations and engineering are based in the United States.
Transfer safeguard for UK→Ireland and UK→US
The transfer to the contracting entity in Ireland is covered by the UK adequacy regulation for the EEA. Onward transfers to the Twilio group in the United States are covered by Twilio's UK International Data Transfer Agreement, incorporated into Twilio's Data Protection Addendum.
Data processing agreement
twilio.com/en-us/legal/data-protection-addendum
Security certifications
ISO 27001 ISO 27017 ISO 27018 SOC 2 Type II

Sentry

Error tracking and crash reporting (EU region).

What they do for Kuppel
Collect application error reports and stack traces from our backend and mobile apps so we can diagnose and fix bugs. Our Sentry organisation is configured to use the EU region (de.sentry.io).
Data we send them
  • Error logs, stack traces, and request metadata
  • Direct identifiers are deliberately excluded from Kuppel's logging output at source: names, email addresses, phone numbers, dates of birth, IP addresses, and message content are not written to log output. Sentry's default data scrubber provides a further automatic layer on anything unexpected.
Role
Processor
Legal entity
Functional Software, Inc. d/b/a Sentry
Registered office
45 Fremont Street, 8th Floor, San Francisco, CA 94105-2250, United States
Company number
Delaware corporation, file number 5214647
Where they process your data
Frankfurt, Germany (data residency, hosted on Google Cloud Platform). Sentry's operational and engineering staff are based in the United States.
Transfer safeguard for UK→US (operational access)
EU Standard Contractual Clauses with the UK International Data Transfer Addendum, incorporated into Sentry's Data Processing Addendum. Sentry is also self-certified under the EU-U.S. Data Privacy Framework and the UK Extension, providing a second adequacy basis.
Data processing agreement
sentry.io/legal/dpa
Security certifications
ISO 27001 SOC 2 Type II EU-U.S. DPF (UK Extension)

Resend

Transactional email delivery.

What they do for Kuppel
Send transactional emails (welcome messages, password resets, match notifications, security alerts) from the send.kuppel.app subdomain.
Data we send them
  • Recipient email address
  • Email subject and body content
Role
Processor
Legal entity
Plus Five Five, Inc.
Registered office
2261 Market Street #5039, San Francisco, CA 94114, United States
Company number
Delaware corporation, file number 7168948
Where they process your data
United States.
Transfer safeguard for UK→US
EU Standard Contractual Clauses with the UK International Data Transfer Addendum, incorporated into Resend's Data Processing Addendum. Resend is also self-certified under the EU-U.S. Data Privacy Framework and the UK Extension, providing a second adequacy basis.
Data processing agreement
resend.com/legal/dpa
Security certifications
SOC 2 EU-U.S. DPF (UK Extension)

Tremendous

Referral reward payments.

What they do for Kuppel
Deliver referral reward payments to people who successfully refer a new user. Today we process payments manually through the Tremendous dashboard. We will move to API-driven payments in future.
Data we send them
  • Recipient email address
  • Recipient first name
  • Reward amount and campaign type

When the recipient redeems their reward, Tremendous collects additional details directly from them (for example, delivery address for a physical card, or bank or PayPal details for a cash equivalent). Kuppel does not see these redemption details. Tremendous may also use downstream financial sub-processors, such as prepaid card issuers, to deliver certain reward types.

Role
Processor in relation to the data Kuppel sends. Tremendous may act as a separate controller in relation to any redemption details the recipient chooses to provide directly to Tremendous.
Legal entity
Tremendous, LLC (a US limited liability company)
Registered office
228 Park Avenue South #62949, New York, NY 10003, United States
Company number
Wisconsin LLC, registered in New York as foreign LLC under NY DOS ID 6878614.
Where they process your data
United States.
Transfer safeguard for UK→US
EU Standard Contractual Clauses with the UK International Data Transfer Addendum, incorporated into Tremendous's Data Processing Addendum.
Data processing agreement
tremendous.com/data-processing-addendum
Security certifications
SOC 2

Google (Sign in with Google)

Authentication for users who choose to sign in with their Google account.

What they do for Kuppel
Authenticate users who choose to create or sign into a Kuppel account using their Google account, instead of a password.
Data exchanged
  • From Kuppel to Google: authentication request metadata (our client identifier, and the fact that a sign-in to Kuppel is in progress)
  • From Google to Kuppel on successful sign-in: your email address, name, and a Google user identifier
Role
Independent controller. Google determines the terms on which your Google account authenticates you, and communicates those to you through its own privacy policy.
Legal entity
Google Ireland Limited (the contracting entity for EEA and UK users)
Registered office
Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland
Company number
Irish CRO 368047
Where they process your data
Republic of Ireland (contracting entity), with authentication infrastructure operated globally by the Google group.
Transfer safeguard for UK→Ireland and UK→US
The transfer to the contracting entity in Ireland is covered by the UK adequacy regulation for the EEA. Onward transfers to Google group entities outside the EEA are covered by Google's Standard Contractual Clauses with the UK International Data Transfer Addendum, and by Google's certification under the EU-U.S. Data Privacy Framework (UK Extension).
Governing terms
Google Privacy Policy. Google does not publicly offer a bilateral Data Processing Agreement for Sign in with Google to individual developer accounts through standard channels; the relationship is governed by the Google API Services User Data Policy and Google's public privacy commitments.
Security certifications
ISO 27001 SOC 2 EU-U.S. DPF (UK Extension)

Apple (Sign in with Apple)

Authentication for users who choose to sign in with their Apple ID.

What they do for Kuppel
Authenticate users who choose to create or sign into a Kuppel account using their Apple ID, instead of a password.
Data exchanged
  • From Kuppel to Apple: authentication request metadata (our client identifier, and the fact that a sign-in to Kuppel is in progress)
  • From Apple to Kuppel on first sign-in only: your name, your email address (or a private relay address, if you choose to hide your real email), and an Apple user identifier
Role
Independent controller. Apple determines the terms on which your Apple ID authenticates you, and communicates those to you through its own privacy policy.
Legal entity
Apple Distribution International Limited (the contracting entity for EEA and UK developers)
Registered office
Hollyhill Industrial Estate, Hollyhill, Cork, T23 YK84, Ireland
Company number
Irish CRO 470672
Where they process your data
Republic of Ireland (contracting entity), with authentication infrastructure operated globally by the Apple group.
Transfer safeguard for UK→Ireland and UK→US
The transfer to the contracting entity in Ireland is covered by the UK adequacy regulation for the EEA. Onward transfers to Apple group entities outside the EEA are covered by Apple's Standard Contractual Clauses with the UK International Data Transfer Addendum.
Governing terms
Sign in with Apple & Privacy. Apple does not offer a traditional Data Processing Agreement to individual developers; the relationship is governed by the Apple Developer Programme Licence Agreement and Apple's public privacy commitments.
Security certifications
ISO 27001 ISO 27018 SOC 2 Type II

Anthropic

AI-assisted incident response, admin, and maintenance.

What they do for Kuppel
Provide the Claude API, which we use for AI-assisted handling of work that involves real user data. The scope is a defined set of cases: production-incident investigation, drafting user-facing replies, safeguarding triage, unlawful-acts triage, and operational data corrections. Anthropic does not train its models on Kuppel's data, under its Commercial Terms.
Data we send them
  • Support requests submitted via the contact form on kuppel.app/support
  • Operational data required to investigate or resolve a specific issue

What enters a session is decided incident-by-incident and limited to the minimum needed. Special category data (for example profile photos, age-verification artefacts, and sexual orientation expressed in profile content) is excluded from all AI sessions.

Role
Processor
Legal entity
Anthropic, PBC (a Delaware Public Benefit Corporation)
Registered office
548 Market Street, PMB 90375, San Francisco, CA 94104, United States
Company number
Delaware Public Benefit Corporation, file number 4860621
Where they process your data
United States.
Transfer safeguard for UK→US
EU Standard Contractual Clauses with the UK International Data Transfer Addendum, incorporated into Anthropic's Data Processing Addendum.
Data processing agreement
anthropic.com/legal/data-processing-addendum
Security certifications
SOC 2 Type II ISO 27001 ISO 42001 HIPAA

Notification of changes

If we add a new sub-processor, change an existing one, or remove one we no longer use, we will update this page and the corresponding section of our Privacy Policy. For material changes, we will aim to give at least 14 days' notice before the change takes effect, through an in-app notice or by email where this is practical, so you have time to review it and decide whether you want to continue using Kuppel. Previous versions of this page are preserved in our website's source history and can be provided on request.

Our top-tier sub-processors listed above may engage their own sub-processors to deliver their service. Each provider's up-to-date sub-processor list is maintained by that provider and is linked from their published data processing agreement referenced in the table above.

Questions

If you have questions about any of the providers listed here, or about how we share your data with them, please visit our support page and select "Privacy Request".