Third parties supporting authentication, payments, domains, deployments, and Kuro.
Last updated July 14, 2026
Tucloud policy
Subprocessor List
01
How to read this list
This list identifies key third parties integrated into the current Tucloud services. A provider receives data only when the related feature is used. Provider locations and downstream infrastructure may vary, and provider terms and privacy notices govern their independent activities.
02
Supabase
Purpose: account authentication, Google sign-in integration, database, and application storage. Data may include account identifiers, email, profile data, subscriptions, domain records, GitHub installation metadata, projects, deployments, and encrypted environment variable records.
03
Stripe and PayPal
Purpose: checkout, recurring subscriptions, payment confirmation, refunds, and fraud prevention. Data may include name, email, billing details, payment credentials handled directly by the provider, transaction identifiers, subscription status, and billing events.
04
GitHub
Purpose: repository connection, installation authorization, build workflows, deployments, commit and run metadata, and deployment logs. Data may include GitHub account and installation identifiers, selected repositories, branches, commit metadata, workflow runs, and environment secret names and values submitted to GitHub for deployment.
05
Google
Purpose: optional account authentication through Google OAuth. Data may include Google account identifier, email, name, avatar, and authentication metadata made available by the user and Google.
06
Dynadot and registries
Purpose: domain availability, pricing, registration, renewal, contact privacy, and lifecycle management. Data may include domain name, registrant contact information, registration period, nameservers, and order identifiers. Relevant registries and registry operators also receive required registration data.
07
Kuro AI providers
Purpose: AI planning, code and interface generation, revision, conversation, and summaries. Current integrations may include HeckAI, Koala, OpenCode, and llmproxy or FreeChat. Data may include prompts, instructions, generated output, and excerpts of existing project code. These gateways may use underlying models from additional model developers.
08
Certificate and infrastructure services
Purpose: hosting, network delivery, DNS verification, TLS certificates, system administration, backups, and security. Certificate authorities such as Let's Encrypt receive domain names and technical validation data. Infrastructure providers process hosted content, network addresses, logs, and operational metadata as necessary to deliver the service.
09
Updates and contact
We update this list when integrations materially change. Questions or reasonable objections concerning a subprocessor may be sent to legal@tucloud.app.