Operational transparency
Sub-processors list
These are all the vendors that process data to deliver talyzr. The list is kept in sync with our internal documentation [SEC-015 v1.0.1] and is referenced from our DPA.
Last updated: 2026-05-15 · Version v1.0.0
Active sub-processors
| Vendor | Service | Data processed | Primary location | Legal transfer mechanism | Tier |
|---|---|---|---|---|---|
Amazon Web Services, Inc. Trust page ↗ | Compute (EC2/ECS), CDN (CloudFront), storage (S3), WAF, ALB | All customer data at rest and in transit | São Paulo, Brasil (sa-east-1) | DPA + AWS Standard Contractual Clauses | Critical |
Neon, Inc. Trust page ↗ | Serverless PostgreSQL database | Customer data (Persons, Positions, AuditLog, etc.) | São Paulo, Brasil (sa-east-1, sobre AWS) | DPA Neon | Critical |
Anthropic, PBC Trust page ↗ | LLM (Claude API) for AI Recommender, Agent Taly, Lead Chat | Ephemeral prompts with pseudonymized data — no persistence, no training | Estados Unidos | DPA + Standard Contractual Clauses (UE → US) | Critical |
Voyage AI Innovations, Inc. Trust page ↗ | Embeddings for RAG (skills, KB) | Pseudonymized text — ephemeral | Estados Unidos | DPA + SCCs | Important |
Plus Five Five, Inc. (Resend) Trust page ↗ | Transactional email delivery (mail.talyzr.com) | Recipient email + name, message content | Estados Unidos | DPA + SCCs | Important |
Add Rabbit LLC (PurelyMail) Trust page ↗ | Primary mail server (MX) and transactional email | Recipient email + name, message content | Estados Unidos | DPA + SCCs | Important |
Paddle.com Market Limited Trust page ↗ | Payments, subscriptions, international billing (Merchant of Record) | Customer payment data — talyzr does not store card numbers | Reino Unido / UE | Paddle como Merchant of Record — DPA + UK/EU SCCs | Critical |
Functional Software, Inc. (Sentry) Trust page ↗ | Error and performance monitoring | Stack traces with PII scrubbed before transmission | Estados Unidos | DPA + SCCs | Important |
Upstash, Inc. Trust page ↗ | Redis queue (Bull) for asynchronous jobs | Internal IDs, ephemeral payloads without direct PII | Estados Unidos (regiones configurables) | DPA | Important |
HubSpot, Inc. Trust page ↗ | CRM — only for leads captured on the landing site | Lead email + name + company | Estados Unidos | DPA + SCCs | Important |
GitHub, Inc. Trust page ↗ | Source code repository, CI/CD (GitHub Actions) | Source code, encrypted secrets — no production customer data | Estados Unidos | DPA + SCCs | Important |
Notion Labs, Inc. Trust page ↗ | Internal knowledge base synced from the repo | talyzr internal documentation — no customer data | Estados Unidos | DPA | Minor |
Data sources & attributions
Talyzr incorporates public skills and occupation taxonomies, used under the Creative Commons Attribution 4.0 (CC BY 4.0) license:
- O*NET® — O*NET data, U.S. Department of Labor, Employment and Training Administration (USDOL/ETA), via onetcenter.org, under CC BY 4.0. O*NET® is a registered trademark of USDOL/ETA.
- ESCO — European Skills, Competences, Qualifications and Occupations classification, © European Union, via esco.ec.europa.eu, under CC BY 4.0.
How we notify changes
- When we add a new sub-processor that will process personal customer data, we update this page and email the administrative contact of every customer with an active contract.
- We allow 30 days of lead-time between the notification and the new sub-processor's effective date.
- If a customer reasonably objects, we offer an alternative or a right to terminate without penalty.
- When we retire a sub-processor, we move it to the Retired section with the end date and bump the document version.
Questions about sub-processors?
For privacy or due-diligence questions: privacy@talyzr.com. To report a security vulnerability: security@talyzr.com.