Subprocessors
Every vendor with any access to GuardKin data.
Material changes to this list are announced 30 days in advance via email to firm customers. Annual reviews verify each subprocessor’s attestation remains current.
| Vendor | Purpose | Region | Attestation |
|---|---|---|---|
| Amazon Web Services | Compute, storage, KMS | US | SOC 2 Type II |
| Vercel | Web hosting, edge delivery | Global edge | SOC 2 Type II |
| Cloudflare | DNS, WAF, DDoS | Global edge | SOC 2 Type II |
| Neon | Postgres database | US | SOC 2 Type II |
| Clerk | Authentication, MFA | US | SOC 2 Type II |
| Stripe | Payments | US | SOC 1 Type II, SOC 2 Type II, PCI DSS L1 |
| Persona | Identity verification (executor attestation) | US | SOC 2 Type II |
| Anthropic | Helper LLM (zero-retention) | US | SOC 2 Type II |
| Axiom | Audit log hot store | US | SOC 2 Type II |
| Datadog | APM, monitoring | US | SOC 2 Type II |
| Sentry | Error tracking (data-scrubbing on) | US | SOC 2 Type II |
| Doppler | Secrets management | US | SOC 2 Type II |
| Resend | Transactional email | US | SOC 2 Type II |
| Inngest | Async job orchestration | US | SOC 2 Type II |
| Twilio | SMS for multi-channel verification | US | SOC 2 Type II |
| GitHub | Source code, CI/CD | US | SOC 2 Type II |
| Have I Been Pwned (HIBP) | Password-breach screening (k-anonymity prefix lookup, fail-open) — first 5 hex chars of SHA-1 only; no credential material or PII leaves GuardKin | Global (Cloudflare-fronted) | No SOC 2 — k-anonymity is the compensating control |