Subprocessors

Last updated: March 2026

CandleKeep uses the following third-party service providers (subprocessors) that process data on our behalf as part of providing the CandleKeep service. We vet each subprocessor for security posture, applicable certifications, and data-processing terms before onboarding them, and we limit access to the minimum data each provider needs to do their job.

The table below lists every vendor that touches customer data, the purpose they serve, the categories of data they process, where that data is stored, and the compliance frameworks each vendor attests to. If you need a copy of a specific Data Processing Agreement, contact us at the email address below.

Subprocessor	Purpose	Data Processed	Location	Compliance	DPA Availability
Clerk	Authentication & user management	Email, name, profile image	US	SOC2 Type II	Available
PostHog	Product analytics	Usage events, device info (with consent)	EU (Frankfurt)	SOC2 Type II	Available
Railway	Application hosting & database	All application data	US	SOC2 Type II	Available
Railway Buckets	File storage	Uploaded documents	US	Via Railway SOC2	Via Railway
Polar	Subscription billing	Email, subscription status, payment data (via their payment processor)	EU (Sweden)	GDPR self-certified*	Available
Cloudflare	DNS & email routing	Domain traffic metadata, email addresses (routing)	Global	SOC2 Type II, ISO 27001	Available
Resend	Transactional email delivery	Email addresses, email content	US	SOC2 Type II	Available

*GDPR compliance is self-reported by the vendor and has not been independently verified.

Data processing is governed by each vendor's standard data processing terms, which are incorporated by reference. For details on specific DPA arrangements, contact [email protected].

Changes to Subprocessors

We commit to providing at least 30 days' notice before adding new subprocessors. To subscribe to updates about subprocessor changes, contact us at [email protected].

Questions

If you have questions about our subprocessors, contact us at [email protected].