Sub-processors
Third parties engaged by Tinct to process personal data on behalf of its customers
Tinct SAS · Last updated June 2026
This page lists the Sub-processors that Tinct SAS engages to help deliver its service. It forms part of the Tinct Data Processing Agreement and is the authoritative, up-to-date list referenced therein.
Change notifications. Tinct will notify customers of any intended addition or replacement of a Sub-processor at least thirty (30) days in advance, giving customers the opportunity to object on reasonable data-protection grounds. To receive these notifications, contact contact@tinct.ai.
Each Sub-processor is engaged under a written agreement (a DPA and/or Standard Contractual Clauses where applicable) imposing data-protection obligations equivalent to those in the Tinct DPA.
Current Sub-processors
Sub-processor | Role | Data processed | Location | Transfer mechanism |
|---|---|---|---|---|
Core infrastructure & AI | ||||
Amazon Web Services (AWS) | Cloud infrastructure (compute, storage, database, networking) | All platform data (encrypted at rest and in transit) | EU (eu-west-1, Ireland) | EU — no transfer |
Amazon Bedrock (AWS) | AI content generation (LLM inference) | Company-level prompt data (no personal data in standard use) | EU (eu-west-1, Ireland) | EU — no transfer |
Cloudflare | Edge compute, KV store, CDN, DNS | Visitor IP addresses, snippet requests | Global edge / EU at rest | SCCs / adequacy |
Billing & communications | ||||
Stripe | Payment processing, subscription management | Billing contact data, payment method tokens | USA / EU | SCCs + EU–US DPF |
Brevo (brevo.com) | Transactional email delivery | Email address, email content | EU | EU — no transfer |
Data enrichment & crawling | ||||
Brightdata | Crawler infrastructure powering TinctBot | Public web page content (no personal data targeted) | USA / Global | SCCs |
IPInfo | IP enrichment (company attribution) | IP addresses (company-level lookup) | USA | SCCs |
LogoDev | Company logo retrieval | Company domain (no personal data) | USA | SCCs |
Analytics, security & internal tooling | ||||
PostHog | Product analytics (platform usage) | Platform user behaviour (pseudonymous) | EU (self-hosted option) | EU / SCCs |
Google Cloud (reCAPTCHA) | Bot detection / form protection | Browser signals, IP | USA / Global | SCCs + EU–US DPF |
Attio | Internal CRM (Tinct customer management) | Tinct's own customer contact data | EU | EU — no transfer |
Axeptio | Consent management | Consent Preferences | EU | EU (no transfer) |
Google Tag Manager | Tag Management/orchestration | Browser Signals, IP | USA | SCCs |
Authentication (social login, user-initiated) | ||||
Google (OAuth) | Social login provider | OAuth token, email, name | USA / Global | SCCs + EU–US DPF |
Microsoft (OAuth) | Social login provider | OAuth token, email, name | USA / Global | SCCs + EU–US DPF |
LinkedIn (OAuth) | Social login provider | OAuth token, LinkedIn ID | USA / Global | SCCs |
Several Sub-processors located in the United States (including Stripe, Google and Microsoft) are additionally certified under the EU–US Data Privacy Framework, providing a further adequacy-based safeguard for transfers outside the EEA.
Tinct SAS — 5 Rue Pleyel, Bureau 3, 93200 Saint-Denis, France · RCS 101 730 018 R.C.S. Bobigny · contact@tinct.ai