Duplıpost
Create account
How it worksDocsSign in

Data residency

Last updated: June 2026

EU-hosted by default

Duplipost is built in Europe, for Europe. Your account and all the data created through your booking pages — booking types, bookings, invitee details, availability, and answers to your questions — are stored in the European Union (Stockholm, eu-north-1), not replicated to the United States.

For organisations in regulated sectors — healthcare, law, the public sector — that cannot or will not put personal data on US-based scheduling tools, this is a structural difference, not a setting you have to find and switch on.

Where your data lives

Your primary data store is a managed PostgreSQL database hosted in the EU. Data is encrypted at rest (AES-256) and in transit (TLS). We rely on a small set of sub-processors, each for a single purpose:

  • Supabase (EU, Stockholm) — primary database, authentication, and file storage.
  • Vercel — application hosting and global edge delivery of the (non-personal) page shell.
  • Resend — transactional email delivery (confirmations, reminders, reschedules).
  • Stripe — subscription billing. Stripe processes your payment details directly; we never store card numbers.
  • Google — only if you connect Google Calendar, and only for the calendar you authorise.

Where a sub-processor operates outside the EU, transfers are governed by Standard Contractual Clauses. We keep this list short on purpose — fewer parties touch your data.

Your controls

You are in control of your data, end to end:

  • Self-serve deletion. Delete your account at any time from Settings. This permanently erases your account and every record tied to it — no support ticket, no waiting.
  • Disconnect calendars instantly. Revoking Google Calendar access removes our token and stops all calendar reads and writes immediately.
  • Export on request. Need a copy of your data for portability? Email privacy@duplipost.com and we will provide it.

Data Processing Agreement

When you collect bookings, you are the data controller and Duplipost is your processor. A signed Data Processing Agreement (DPA) is available to Business customers. Contact privacy@duplipost.com to request one.

Questions

For anything related to data residency, GDPR, or our sub-processors, reach us at privacy@duplipost.com. See also our Privacy Policy.