Legal · Sub-processors

Sub-processors

kolm's audits run on a small set of infrastructure providers, and customer data stays out of any system that does not need it. This page lists sub-processors by the role they play. It is referenced by our Data Processing Addendum and kept current as the list changes.

Last updated 1 June 2026

Orientation / Where your data goes

Where your data goes

A sub-processor is a third party we rely on to run part of the service, for example the cloud that hosts our servers. The map below shows which categories of data reach a sub-processor and which never leave kolm. As a concrete example: a single signed report (around 40 KB of findings text) is stored with our hosting and object-storage providers, while the private signing key that makes it verifiable stays inside our key-management service and is never sent to any other role.

Data categoryWhere it lives

Signed report contentsThe findings text and integrity records, around 40 KB per report.sub-processor

Contact name and emailUsed only to coordinate the engagement and send delivery notices.sub-processor

Billing contactCard data is handled by the payment processor, never by kolm.sub-processor

Private signing keyHeld in a key-management service; makes every report verifiable.stays in kolm

Un-redacted source logsRedaction is applied before storage; raw material is not retained.stays in kolm

Marker reads: sub-processor means the category reaches one of the roles in the table below; stays in kolm means it never leaves our own systems.

01 / By role

By role

Sub-processors are listed by the function they perform. Each handles only the data category required for its role, under a data-processing agreement with terms no less protective than our own commitments to you.

Role	Purpose	Data category	Region
Cloud hosting & compute	Runs the kolm services, the verification endpoint, and the transparency log	Service metadata; report contents at rest	United States
Object storage	Durable storage of signed reports and append-only audit logs	Report contents; integrity records	United States
Error & performance monitoring	Operational reliability of the verification path and APIs	Diagnostic and request metadata	United States / EU
Email & transactional messaging	Engagement coordination and report delivery notices	Contact name and email	United States
Payment processing	Billing for paid engagements and retainers	Billing contact; payment handled by the processor	United States

02 / Data boundaries

What does not leave

We don't retain your application's underlying data beyond what an engagement requires. When we analyze imported logs, redaction is applied before storage, and the redacted material is deleted at the end of the retention window. The signing keys that make a report verifiable are held in a key-management service and never travel to a sub-processor outside that role.

03 / Change notification

Change notification

Before adding or replacing a sub-processor that handles customer data, we update this page and, for customers under a DPA, provide advance notice through the channel named there. If you object to a new sub-processor on reasonable data-protection grounds, contact us and we will work with you on alternatives.

04 / Contact

Contact

Questions about sub-processors, data residency, or data handling go to dev@kolm.ai.

Questions about a sub-processor?

Data residency, change objections, and data-handling questions all route to one inbox.

Contact dev@kolm.ai Read the DPA

Compiler-ready Signed artifacts Sample report

Caveats: Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.