Subprocessors.
Every third-party service kolm uses. What each one handles. Whether they touch PHI by default. Last updated 2026-05-16.
Customers on Business and Enterprise plans receive 30 days' notice before any new subprocessor that could touch tenant data is added. Email subscription → subprocessors@kolm.ai.
| Subprocessor | Purpose | Data handled | PHI? | Location |
|---|---|---|---|---|
| Vercel (vercel.com) | Static asset CDN · edge routing for kolm.ai | HTTP request logs, IP addresses (truncated after 24h) | never | US-east, US-west, EU |
| Railway (railway.app) | Compute backend · control plane (signup, compile orchestration, billing) | Tenant metadata, API keys (hashed), compile job records | never | US-west (us-west2) |
| Stripe (stripe.com) | Billing · subscription management · tax | Name, email, billing address, payment method (Stripe-tokenized) | never | US (Stripe-managed) |
| Resend (resend.com) | Transactional email · signup, billing, security notifications | Email address, message body (no PHI) | never | US |
| Anthropic / OpenAI / Google (your frontier vendor) | Teacher model during compile only · called from your bridge with your key | Whatever you send as seed examples · redact PHI before passing | opt-in only | Your choice of vendor · kolm never proxies |
| Cloudflare (cloudflare.com) | DNS · DDoS protection at the edge | IP address, request metadata (no payload) | never | Global |
| GitHub (github.com) | Source-code hosting · CI for our own build | Our code only · no tenant data | never | US |
By design, the following never receive PHI
In a properly configured deployment, PHI is redacted by the kolm runtime before any subprocessor is contacted. The customer-hosted compile bridge (BYOC) ensures PHI doesn't leave your VPC at all. See BYOC architecture and data-flow diagram for the exact boundaries.
Customer-controlled subprocessors
When you bring your own frontier-model key (Anthropic, OpenAI, Google, Together, Groq), kolm calls that vendor directly from your bridge using your key. Those vendor relationships are yours, not ours. We do not store, proxy, or observe those calls. Their privacy policy, their data-residency, their BAA (if applicable).
- 2026-05-16 · initial publication of subprocessor list