TRANSPARENCY

Subprocessors

Every third-party service Knoq relies on to deliver its product. All entries carry current SOC 2 Type II attestations (or equivalent) and a signed DPA. Changes are posted here within 30 days. Enterprise customers under MSA receive 30 days advance notice of any new subprocessor that processes their data.

Current register

Vendor	Purpose	Data categories	Region	Compliance
Vercel	Application hosting, CDN, custom domain provisioning	Request metadata Deployment artifacts	US	SOC 2 Type II ISO 27001
Neon	Primary Postgres database	All customer data at rest	US	SOC 2 Type II
Stytch	B2B authentication, SSO, MFA	Member email Profile data SSO metadata	US	SOC 2 Type II
Anthropic	Managed Agents API	User prompts Agent outputs Tool inputs and results	US	SOC 2 Type II
Sentry	Error tracking and observability	Stack traces Redacted request payloads	US / EU	SOC 2 Type II ISO 27001
Resend	Transactional email	Email addresses Email bodies	US	SOC 2 Type II
Dodo Payments	Merchant of Record, billing and tax compliance	Billing contact Purchase history Tax ID	Global	SOC 2 Type II PCI-DSS
GitHub	Source control, CI/CD	Source code Commit metadata	US	SOC 2 Type II ISO 27001
Google Workspace	Corporate identity, email	Employee email Calendars	US	SOC 2 Type II ISO 27001

Changelog (rolling 24 months)

2026-05-08Initial public subprocessor register published.

Questions or customer notification requests?

Reach security@knoq.one. Enterprise customers under MSA may request to be added to the advance-notice list for new subprocessors.