Last updated: January 2, 2026
Poplitu is committed to compliance with the General Data Protection Regulation (GDPR) and other data protection laws. This page serves as an overview of our Data Processing Agreement (DPA) and list of sub-processors.
When you use Poplitu to collect personal data from EU citizens, you act as the “Data Controller” and Poplitu acts as the “Data Processor.” Our Terms of Service incorporate a standard Data Processing Agreement that governs our processing of this data on your behalf.
By agreeing to our Terms of Service, you are also agreeing to our DPA, which includes standard contractual clauses (SCCs) for international data transfers.
We engage the following third-party entities (“Sub-Processors”) to assist us in providing the Service. We maintain agreements with each of these sub-processors ensuring they protect your data to the same standards as required by GDPR.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Hosting & Database | USA / Global |
| Stripe | Payment Processing | USA |
| Postmark / SendGrid | Transactional Emails | USA |
As a Data Processor, we assist you in fulfilling your obligations to respond to requests from data subjects (your respondents) to exercise their rights (access, rectification, erasure, etc.). Please contact support@poplitu.com for assistance with any subject access requests.