Sub-processors.
Last updated: 12 May 2026 · Policy version: kye-sub-processors-v1.0-2026-05-12 · Version hash: 7d22cb04ad119f30
The following sub-processors are engaged by KYE Protocol™ Ltd to deliver the Services. Each is bound by contractual obligations no less protective than the DPA.
| Sub-processor | Purpose | Data category | Region |
|---|---|---|---|
| Cloudflare, Inc. | Edge hosting (Pages), Pages Functions runtime, D1 (SQLite) tenant storage, R2 (object) storage, KV (key-value) cache, Workers AI, AI Gateway, Logpush, Email Routing | Marketing data, pilot applications, consent records, hashed IP/UA, Customer Data in scope of Stack Bindings, audit logs | Global, with EU + UK region pinning available on request |
| Clerk Inc. | Hosted authentication for admin.kyeprotocol.com (owners-only) and app.kyeprotocol.com (customer dashboard) — JWT issuance, session management, multi-factor. | Customer Data — PII (email, name, org), employee data | EU + US (region-pinned) |
| Stripe Payments Europe Ltd | Stripe Billing for subscription invoicing, Stripe Tax for automated VAT / sales-tax computation on the commercial lifecycle SKUs. | Billing records, billing-contact PII | EU + global (PCI-DSS scope at Stripe; KYE™ never sees raw card data) |
| ClickHouse, Inc. | ClickHouse Cloud analytics warehouse — compliance-export aggregations (DORA Art. 28), decision-volume rollups. Read-only audit-log replication. | Audit logs (immutable), operational telemetry | EU (data stays in region) |
Dev-time infrastructure (not sub-processors)
The following tools are used by KYE Protocol™ Ltd internally to build, test, and operate the Protocol. No Customer Data flows through them in the course of delivering the Services, and they are therefore not sub-processors under GDPR Art. 28. Listed here for transparency only.
- GitHub, Inc. (Microsoft) — source-code hosting, issue tracker, and CI/CD runners. Only KYE™-internal code and operational telemetry.
- Hugging Face, Inc. — mirroring of public, Apache 2.0 KYE Protocol™ artefacts. Public material only.
- Anthropic, PBC (Claude API) — KYE™-internal dev-time tooling. Used to build KYE™, not to operate the Services for customers; no Customer Data is sent.
Notices
Material changes to this list (new sub-processor, change of region, change of category) are announced at least 30 days before the change takes effect. Customers may subscribe to updates by emailing info@kyeprotocol.com with subject “sub-processor watch”.
Customer-side sub-processors
For the Audit Pilot program, KYE™ typically binds read-only to Customer-operated stacks (IAM/SSO, OAuth/OIDC, API gateway, MCP server, AI-agent framework, workflow engine, SIEM, GRC, policy engine, audit log, data store). Those Customer-operated stacks remain under Customer's control and are not KYE™ sub-processors.