Legal
KnoxCall uses the following sub-processors to deliver its service. We notify customers at least 30 days before adding or removing a sub-processor via:
To object to a sub-processor addition, email [email protected] within 14 days of notification.
| Sub-processor | Purpose | Data categories | Region(s) | DPA status | Certifications |
|---|---|---|---|---|---|
| DigitalOcean | Compute, managed Postgres, managed Redis, object storage (Spaces) | All customer data | US, EU, AU | Signed | ISO 27001:2013, SOC 2 Type II, CSA STAR Level 2 |
| Cloudflare | CDN, WAF, DDoS, DNS, mTLS termination | All customer traffic transiting the edge | Global edge | Signed | ISO 27001:2022, SOC 2 Type II, PCI DSS, FedRAMP Moderate |
| Stripe | Payment processing, billing | Billing identifiers, payment instruments | US, EU | Signed (built into TOS) | PCI DSS Level 1, SOC 1 + 2 Type II, ISO 27001 |
| AWS (S3 Object Lock) | Immutable audit-log archive | Audit log records | US | Signed | ISO 27001, SOC 1/2/3 Type II, PCI DSS, FedRAMP High |
| Resend | Transactional email | Recipient email + message contents | US, EU | In progress (template signed; awaiting countersign) | SOC 2 Type II (in progress) |
| Klaviyo | Marketing email (optional, customer-opt-in) | Recipient email | US | In progress | SOC 2 Type II, ISO 27001 |
| Twilio | SMS for MFA fallback | Recipient phone, MFA codes | US, AU | In progress | SOC 2 Type II, ISO 27001, HIPAA-eligible |
| Anthropic | Claude API (AI features when enabled by tenant) | Prompt contents (after PII redaction) | US | Signed — Zero-Retention Mode | SOC 2 Type II, ISO 27001 |
| MaxMind | GeoIP2 dataset (IP-to-region) | Inbound IP addresses | US | Licensing terms — no customer data transferred | n/a |
| Date | Change | Effective |
|---|---|---|
| 2026-06-01 | First publication of sub-processor list | 2026-06-01 |
Privacy: [email protected]
Mail: KnoxCall Limited, Auckland, New Zealand