Sub-processors
kolm's audits run on a small set of infrastructure providers, and customer data stays out of any system that does not need it. This page lists sub-processors by the role they play. It is referenced by our Data Processing Addendum and kept current as the list changes.
Where your data goes
A sub-processor is a third party we rely on to run part of the service, for example the cloud that hosts our servers. The map below shows which categories of data reach a sub-processor and which never leave kolm. As a concrete example: a single signed report (around 40 KB of findings text) is stored with our hosting and object-storage providers, while the private signing key that makes it verifiable stays inside our key-management service and is never sent to any other role.
Legend: "sub-processor" means the category reaches one of the roles in the table below; "stays in kolm" means it never leaves our own systems.
By role
Sub-processors are listed by the function they perform. Each handles only the data category required for its role, under a data-processing agreement with terms no less protective than our own commitments to you.
| Role | Purpose | Data category | Region |
|---|---|---|---|
| Cloud hosting & compute | Runs the kolm services, the verification endpoint, and the transparency log | Service metadata; report contents at rest | United States |
| Object storage | Durable storage of signed reports and append-only audit logs | Report contents; integrity records | United States |
| Error & performance monitoring | Operational reliability of the verification path and APIs | Diagnostic and request metadata | United States / EU |
| Email & transactional messaging | Engagement coordination and report delivery notices | Contact name and email | United States |
| Payment processing | Billing for paid engagements and retainers | Billing contact; payment handled by the processor | United States |
What does not leave
We don't retain your application's underlying data beyond what an engagement requires. When we analyze imported logs, redaction is applied before storage, and the redacted material is deleted at the end of the retention window. The signing keys that make a report verifiable are held in a key-management service and never travel to a sub-processor outside that role.
Change notification
Before adding or replacing a sub-processor that handles customer data, we update this page and, for customers under a DPA, provide advance notice through the channel named there. If you object to a new sub-processor on reasonable data-protection grounds, contact us and we will work with you on alternatives.
Contact
Questions about sub-processors, data residency, or data handling go to dev@kolm.ai.
Caveats: Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.