Sub-processor List
Last updated: 23 April 2026
KnowledgeScout may update this list from time to time. The current version is available at knowledgescout.io/legal/subprocessors. Processing locations may involve global infrastructure depending on the provider's architecture.
KnowledgeScout Pty Ltd (KnowledgeScout) engages a limited number of third-party service providers (sub-processors) to assist in delivering our platform. Each sub-processor processes personal data on behalf of our Clients and is bound by contractual obligations to protect that data in accordance with applicable data protection laws.
This page lists the sub-processors that may process Client personal data as part of the KnowledgeScout service. It is maintained in accordance with our Data Processing Agreement (DPA), available at knowledgescout.io/legal/dpa.
Change notifications: We will notify Clients by email at least 30 days before engaging a new sub-processor that processes Client personal data. If you wish to subscribe to sub-processor change notifications, please email privacy@knowledgescout.io.
Current Sub-processors
| Provider | Purpose | Data Processed | Location(s) | DPA/SCCs |
|---|---|---|---|---|
| Vultr Holdings LLC | Virtual private server (VPS) hosting for application and database infrastructure | All Client Content and platform data within the Customer's selected data region (tenant databases, configuration, audit logs) | Sydney (Australia), London (United Kingdom), Dallas (United States) — per tenant selection | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| Anthropic, PBC | AI-powered chatbot and content summarisation (default provider) | Search queries, relevant article excerpts, conversation logs (optional per tenant). Token usage tracked for billing. | Processing: US, EU, APAC (load balancing). Storage: US | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| Stripe, Inc. | Payment processing and subscription billing | Billing address, name, email, payment card data (tokenised — not stored by KnowledgeScout), transaction records, subscription status | United States, Global | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| Cloudflare, Inc. | DNS, CDN, DDoS protection, Web Application Firewall, TLS termination, Workers (tenant routing), R2 (backup storage) | IP addresses, HTTP request metadata, SSL certificates, encrypted database backups (in R2, encrypted with per-tenant SQLCipher AES-256 keys before upload), tenant-to-region mappings | Global edge network (processing may occur in multiple jurisdictions depending on routing) | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| Resend, Inc. | Email delivery (transactional, service communications, and marketing where applicable) | Email addresses, name, email content (authentication codes, password reset links, service notifications, product updates, marketing communications where opted in) | United States, Global | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| Plausible Insights OÜ | Cookie-free website traffic analytics | Aggregate usage data (configured to minimise personal data collection; no intentional storage of identifiable personal data) | Estonia, EU | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| PostHog, Inc. | Cookie-free product analytics (in-app feature usage and activation tracking) | Product analytics event data and feature usage patterns, configured to avoid cookies and persistent identifiers and to minimise identifiable personal data. | United States | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
| Sentry (Functional Software, Inc.) | Application error monitoring and crash reporting | Error messages, stack traces, browser type, operating system, IP address (anonymised), request URLs. No Client Content is captured. | United States | Yes (including SCCs or other legally recognised transfer mechanisms, where applicable) |
Bring Your Own API Key (BYOK) Providers
KnowledgeScout offers Clients the option to connect their own API key from supported third-party AI providers, including Anthropic, OpenAI, Microsoft Azure OpenAI Service, and self-hosted or custom LLMs using an OpenAI-compatible API. When a Client uses BYOK, the chosen AI provider is not a sub-processor of KnowledgeScout. The Client has a direct contractual relationship with the chosen provider and is solely responsible for ensuring it meets their data protection and compliance requirements. KnowledgeScout acts solely on the Client's documented instruction. See Section 6 of the Data Processing Agreement for details.
Internal Business Tools
KnowledgeScout uses additional third-party tools for its own internal business operations (e.g. Microsoft Teams for internal communications). These tools do not process Client personal data as part of the KnowledgeScout service and are therefore not listed as sub-processors. If Client personal data is incidentally processed through these tools (for example, if a Client emails our support team), it is handled in accordance with our Privacy Policy.
Change Log
| Date | Change | Effective Date |
|---|---|---|
| 24 March 2026 | Initial publication. Added Resend (email delivery), Plausible Insights OÜ (website analytics), and PostHog, Inc. (product analytics) as sub-processors. | 24 March 2026 |
| 27 March 2026 | Added Sentry (Functional Software, Inc.) for application error monitoring. | 27 March 2026 |
| 23 April 2026 | Wording refinements following legal review. Standardised the DPA/SCC descriptors across all sub-processor entries and updated the Cloudflare location description. No sub-processors added or removed. | 23 April 2026 |
If you have any questions about our sub-processors or wish to raise an objection to a new sub-processor, please contact us at privacy@knowledgescout.io.