Sub-processor register
Every third party that processes personal data on Koji's behalf as part of delivering the enterprise platform. This list is updated whenever a sub-processor is added, replaced, or removed.
What is a sub-processor?
A sub-processor is a third-party service provider that processes personal data on Koji's behalf to deliver the platform. Under our Data Processing Agreement, the customer (as controller) gives general written authorization for Koji to engage the sub-processors listed below.
Each sub-processor operates under a written agreement with Koji that imposes data-protection obligations no less protective than those in Koji's own DPA with the customer. Koji remains fully liable to the customer for the acts and omissions of its sub-processors with respect to customer personal data.
The DPA column in the tables below shows "In effect" when a data-protection agreement is binding between Koji and the sub-processor, whether via a bespoke signed agreement or through the sub-processor's standard terms (where those terms include a complying DPA, as most enterprise SaaS vendors do).
Core infrastructure
Hosting, database, and storage. Every enterprise deployment uses these.
| Sub-processor | Purpose | Data processed | Region | DPA |
|---|---|---|---|---|
| Vercel, Inc. | Application hosting, edge compute, content delivery, DDoS protection | Application traffic, session data, server logs | EU or US (selected per customer at provisioning) | In effect |
| Supabase, Inc. | Primary database (Postgres), authentication, file storage | All persistent customer data; isolated database instance per enterprise client | EU or US (selected per customer at provisioning) | In effect |
AI and voice providers
Used when the customer selects Koji-recommended models. Customers using their own enterprise LLM contracts substitute these with their chosen providers (OpenAI, Anthropic, Azure OpenAI, Google, Mistral, Meta Llama, or others) under their own enterprise agreements.
| Sub-processor | Purpose | Data processed | Region | DPA |
|---|---|---|---|---|
| Google LLC (Vertex AI / Gemini) | Text reasoning model for interview moderation, transcript analysis, and report generation. Used only when the customer selects Koji-recommended models. | Interview transcripts and prompts during synchronous processing; no training on customer data | Customer-selected region (EU or US) | In effect |
| ElevenLabs, Inc. | Voice synthesis and real-time conversational AI for voice interviews | Audio streams and transcripts during the interview session | EU or US (selected per customer) | In effect |
Business operations
Billing, transactional email, and internal workspace services.
| Sub-processor | Purpose | Data processed | Region | DPA |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription billing, invoicing | Billing contact, payment method details, invoice records | Global (Stripe-managed) | In effect |
| Resend, Inc. | Transactional email delivery (account notifications, invites, system messages) | Recipient email address, message content, delivery metadata | EU (Frankfurt) | In effect |
| Google LLC (Workspace, Calendar API) | Internal workspace email/calendar; Calendar API for the customer-facing schedule-call feature | Meeting metadata, attendee emails, booking details | Global (Google-managed) | In effect |
Analytics and observability
Aggregated product analytics and system telemetry. No personal interview content is sent to these systems.
| Sub-processor | Purpose | Data processed | Region | DPA |
|---|---|---|---|---|
| PostHog, Inc. | Product analytics, session telemetry (no PII captured by default) | Anonymized usage events, page views, feature interactions | EU (Frankfurt) | In effect |
| Vercel, Inc. (Observability) | Application and infrastructure telemetry, traces, logs | Server logs, performance traces, error reports | EU or US (matches hosting region) | In effect |
Notification of changes
Koji notifies subscribed customers in writing at least thirty days before any addition or replacement of sub-processors takes effect. The notification describes the new sub-processor, the services they will perform, the regions in which they operate, and the date the change will take effect.
Customers who object to a proposed change on reasonable data-protection grounds may notify Koji within the notice period. The parties will work in good faith to find a resolution; failing that, the customer may terminate the affected services without penalty.
What is not on this list
Service providers that do not process customer personal data are not classified as sub-processors and are not listed here. This includes development tools, internal collaboration software, accounting platforms, and similar back-office services where no customer personal data is shared. A complete vendor list is available on request for due-diligence purposes.