Tidyflow uses a limited number of trusted third-party service providers (“sub-processors”) to help us operate, secure, and improve the platform.
Sub-processors may process customer data solely for the purpose of providing services to Tidyflow. Each sub-processor is contractually required to implement appropriate technical and organizational security measures.
Infrastructure & Hosting
DigitalOcean
Purpose: Application hosting and infrastructure
Location: United States
Amazon Web Services (AWS)
Purpose: Secure database storage, file storage, and encrypted backups
Location: United States
Payments
Stripe
Purpose: Subscription billing and secure payment processing
Location: United States
Tidyflow does not store or process full payment card details. All payment information is handled directly by Stripe.
Email & Communications
Postmark
Purpose: Transactional email delivery (system notifications and alerts)
Location: United States
Google Workspace
Purpose: Internal communications and limited customer support correspondence
Location: United States
Missive
Purpose: Customer support email management
Location: United States
Authentication
Google Identity
Purpose: User authentication (OAuth login)
Location: United States
Microsoft Identity Platform
Purpose: User authentication (OAuth login)
Location: United States
Email Integration
Google Gmail API
Purpose: Email sync, viewing, composing, and sending for connected Gmail mailboxes
Location: United States
Google Gmail API is engaged as a sub-processor only where a customer has authorised the connection of a Gmail account via OAuth 2.0. Tidyflow accesses email data (message content, metadata, sender/recipient information, and attachments) solely to provide email functionality within the Service. Tidyflow’s use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements. For full details, see our Use of Google API Services page.
Microsoft Graph API (Microsoft 365 / Outlook)
Purpose: Email sync, viewing, composing, and sending for connected Microsoft 365 and Outlook mailboxes
Location: United States
Microsoft Graph API is engaged as a sub-processor only where a customer has authorised the connection of a Microsoft email account via OAuth 2.0. Tidyflow accesses email data (message content, metadata, sender/recipient information, and attachments) solely to provide email functionality within the Service.
AI Features
OpenAI
Purpose: Third-party AI processing for optional AI Features (email summarisation, workflow assistance, content generation, and related functionality) Location: United States
OpenAI is engaged as a sub-processor only where a customer has opted in to AI Features. Data transmitted to OpenAI is pseudonymised via tokenisation before leaving the Tidyflow platform. OpenAI processes data in real time and does not retain inputs or outputs after the response is returned, except for short-term abuse monitoring. OpenAI is contractually prohibited from using customer data to train or improve its models. For full details, see our AI Terms of Use.
Product Analytics
PostHog
Purpose: Product analytics, feature flags, and user behaviour tracking Location: United States
Microsoft Clarity
Purpose: Product usage insights and session analytics Location: United States
Customer Communications
Loops
Purpose: Product onboarding and lifecycle email communications
Location: United States
Sub-processor Engagement
Tidyflow engages sub-processors to support the delivery of its services. Each sub-processor is bound by a written data processing agreement that includes confidentiality, security, and data protection obligations consistent with applicable data protection laws.
International Data Transfers
Tidyflow primarily operates using United States-based infrastructure. Where personal data is transferred outside a customer’s jurisdiction, we implement appropriate safeguards in accordance with applicable data protection regulations.
Customers may contact us for additional information regarding data transfer safeguards.
Updates to This List
We may update this list from time to time as our services evolve. The most current version will always be available on this page.
Contact
For questions regarding sub-processors or data handling practices, please contact [email protected].