KnowBe4 currently uses third-party sub-processors to provide infrastructure services and to help us provide customer support and email notifications. Prior to engaging any third-party sub-processor, KnowBe4 performs due diligence evaluations of their privacy, security, and confidentiality practices and executes a data processing agreement (DPA) to ensure compliance with applicable legislation.
Key Terms:
KMSAT Console Administrator: Any user labeled an administrator in the KMSAT console.
KMSAT Console User: Any user located in KnowBe4’s KMSAT software as a service (SaaS) platforms. This includes end-users, admins, partner users, or any other user that is created in the console(s). (This includes PhishER.)
KCM GRC Console User: Any user uploaded into KnowBe4’s KCM GRC SaaS platform. This includes end-users, admins, partner users, vendor users, or any other user that is created in the console.
Backup and Recovery Site: Secondary data centers. These are generally used for disaster recovery.
Console User Metadata: Summarizes basic user information. This includes general information such as date created, time error generated, or date modified. This does not always tie back to a specific user.
KMSAT Console: KnowBe4’s flagship product that provides security awareness training and simulated phishing services.
KCM GRC: KnowBe4’s governance, risk, and compliance tool.
Primary Business Contact: This individual is generally the main point of contact for KnowBe4’s customer success managers (CSMs).
Ticket Requester: Any individual that submits a support ticket to KnowBe4.
KMSAT Sub-Processor Listing
Infrastructure Sub-Processors
Name |
Data Storage Location |
Data Subjects |
Categories of Data Processed |
Privacy and Security Controls |
Purpose |
Amazon AWS
Website: amazon.com
Address: 410 Terry Ave N Seattle, WA
Method of Transfer: EU Standard Contractual Clauses
|
Option 1 (default): Amazon AWS Data Center in the United States, Northern Virginia (us-east-1)
Backup and Recovery Site: Amazon AWS Data Center in the United States, Oregon (us-west-2)
-------------
Option 2: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)
Backup and Recovery Site: Amazon AWS Data Center Frankfurt, Germany (eu-central-1)
-------------
Option 3: Amazon AWS Data Center in Montreal, Canada (central)
Backup and Recovery Site: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)
-------------
Option 4: Amazon AWS Data Center in London, England (eu-west-2)
Backup and Recovery Site: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)
-------------
Option 5: Amazon AWS Data Center in Frankfurt, Germany (eu-central-1)
Backup and Recovery Site: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)
|
KMSAT Console Users |
Data Collected Directly From Customer: First Name, Last Name, Manager First Name, Manager Last Name, Business Phone Number, Business Email Address, Mobile Phone Number, Employee Title, Employee Department, IP Address, Browser Information, Training and Coaching Information
Generated Information: Phishing Campaign Results and Metrics, Security Awareness Training Results, Risk Score
|
KnowBe4 has reviewed and annually reviews Amazon AWS's SOC II report and other related compliance and certification documentation as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement (DPA) with EC-approved standard contractual clauses for the purposes of processing data in the United States. |
Necessary for providing the infrastructure for KnowBe4’s application(s). The product will not be able to function without this sub-processor. |
Product Functionality Sub-Processors
Name and Address |
Data Storage Location |
Data Subjects |
Categories of Data Processed |
Privacy and Security Controls |
Purpose |
Datadog
Website: datadoghq.com
Address: 620 8th Ave 45th Floor New York, NY 10018 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production: Amazon AWS US Data Centers
Backup Data Storage: Amazon AWS US Data Centers |
Console Users |
First Name, Last Name, Email Address, IP Address, Browser Information, Logging Information
|
KnowBe4 has reviewed and annually reviews Datadog's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Necessary for application logs, system logging, and analytics. |
Pendo.io
Website: Pendo.io
Address: 150 Fayetteville St #1400, Raleigh, NC 27601
Method of Transfer: EU Standard Contractual Clauses
|
Production: GCP |
Console Users |
Name, Email, Phone Number, Company Number, IP Address, Usage Data |
KnowBe4 has reviewed and annually reviews Pendo.io's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Allows capture of metrics to improve the product. |
Sub-Processors Used to Provide Support Services
Name |
Data Storage Location |
Data Subjects |
Categories of Data Processed |
Privacy and Security Controls |
Purpose |
Zendesk
Website: Zendesk.com
Address: 1019 Market St, San Francisco, CA 94103 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production: Amazon AWS Data Centers (us-east-1)
Backup Data Storage: Amazon AWS Data Centers in the United States |
Console Administrators, Ticket Requesters
|
Ticket ID, Requester ID, Status, Assignee ID, Custom Fields |
KnowBe4 has reviewed and annually reviews Zendesk’s SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States. |
Allows KnowBe4 to track support requests across channels to improve team performance. |
Salesforce
Website: Salesforce.com
Address: Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production:
Salesforce Data Centers in Chicago, Illinois
Backup Data Storage: Salesforce Data Centers in Washington, USA |
Primary Business Contacts, Ticket Requesters
**Does not have direct access to KMSAT console information**
|
Name, Email, Contact Information, Device and Usage Data, Company Billing Information, IP Address, Job Title, Cookies (required, functional), Telephony Log Information |
KnowBe4 has reviewed and annually reviews Salesforce's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States. |
Customer relationship management software.
|
Mixpanel
Website: mixpanel.com
Address: One Front St, Floor 28 San Francisco, CA 94111 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production: Google Cloud Data Centers in the United States
Backup Data Storage: Google Cloud Data Centers in the United States |
Primary Business Contacts (past or present), Console Users
|
Name, Email, Postal Address, Phone Number, Company Number, IP Address, Usage Information |
KnowBe4 has reviewed and annually reviews Mixpanel's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States. |
Analyze, measure, and improve our customer experience. |
Hubspot
Website: Hubspot.com
Address: 25 First Street, 2nd Floor, Cambridge, MA 02141 United States
Method of Transfer: EU Standard Contractual Clauses
|
Production: Amazon AWS Data Centers (us-east-1)
Backup Data Storage: Amazon AWS Data Centers in the United States
|
Console Administrators |
Administrator emails |
KnowBe4 has reviewed and annually reviews Hubspot’s SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Customer relationship management |
Insided
Website: Insided.com
Address: Singel 118, Amsterdam, 1015 AE, Netherlands
Method of Transfer: EU Standard Contractual Clauses
|
Production: Amazon AWS Data Centers (us-east-1)
Backup Data Storage: Amazon AWS Data Centers in the United States
|
Community end users |
Administrator email addresses, Usage Metadata, General Demographic Information, Ticket IDs |
KnowBe4 has reviewed and annually reviews Insided’s security certifications as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Community engagement |
KCM GRC Sub-Processor Listing
Infrastructure Sub-Processors
Name |
Data Storage Location |
Data Subjects |
Categories of Data Processed |
Privacy and Security Controls |
Purpose |
Amazon AWS
Website: amazon.com
Address: 410 Terry Ave N Seattle, WA
Method of Transfer: EU Standard Contractual Clauses
|
Production:
Option 1: Amazon AWS Data Centers in the United States (us-east-1)
Backup Data Storage: AWS Data Center (us-west-1)
Option 2: Amazon AWS Data Centers in Europe located in London (eu-west-2)
Backup Data Storage: Amazon AWS Data Center Dublin, Ireland (eu-west-1) |
Customer Employees or Contractors (past or present) |
Data Collected Directly from Customer: First Name, Last Name, Email Address, IP Address, Browser Information
Generated Information: Compliance, Risk, and Vendor Metrics and Documentation
|
KnowBe4 has reviewed and annually reviews Amazon AWS's SOC II and ISO 27001 certification as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Necessary for providing the infrastructure for KnowBe4’s KCM GRC application. The product will not be able to function without this sub-processor. |
Product Functionality Sub-Processors
Name |
Data Storage Location |
Data Subjects |
Categories of Data Processed |
Privacy and Security Controls |
Purpose |
Datadog
Website: datadoghq.com
Address: 620 8th Ave 45th Floor New York, NY 10018 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production: Amazon AWS Data Centers in the United States
Backup Data Storage: Amazon AWS Data Centers in the United States |
Console Users |
First Name, Last Name, Email Address, IP Address, Browser Information, Logging Information
|
KnowBe4 has reviewed and annually reviews Datadog's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Necessary for application logs, system logging, and analytics. |
Pendo.io
Website: Pendo.io
Address: 150 Fayetteville St #1400, Raleigh, NC 27601
Method of Transfer: EU Standard Contractual Clauses
|
Production: GCP |
Console Users |
KCM Metadata |
KnowBe4 has reviewed and annually reviews Pendo.io's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States. |
Allows capture of metrics to improve the product. |
Sub-Processors Used to Provide Support Services for KCM GRC
Name |
Data Storage Location |
Data Subjects |
Categories of Data Processed |
Privacy and Security Controls |
Purpose |
Zendesk
Website: Zendesk
Address: 1019 Market St, San Francisco, CA 94103 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production: Amazon AWS Data Centers (us-east-1)
Backup Data Storage: Amazon AWS Data Centers in the United States |
Console Administrators, Ticket Requesters
|
Ticket ID, Requester ID, Status, Assignee ID, Custom Fields |
KnowBe4 has reviewed and annually reviews Zendesk’s SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States. |
Allows KnowBe4 to track support requests across channels to improve team performance. |
Salesforce
Website: Salesforce.com
Address: Salesforce Tower, 415 Mission Street, 3rd Floor San Francisco, CA 94105 USA
Method of Transfer: EU Standard Contractual Clauses
|
Production: Salesforce Data Centers in Chicago, Illinois
Backup Data Storage: Salesforce Data Centers in Washington, USA |
Primary Business Contacts, Ticket Requesters
**Does not have direct access to KMSAT console information**
|
Name, Email, Contact Information, Device and Usage Data, Company Billing Information, IP Address, Job Title, Cookies (required, functional), Telephony Log Information |
KnowBe4 has reviewed and annually reviews Salesforce's SOC II report as a part of its vendor due diligence process.
KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States. |
Customer relationship management software.
|
KnowBe4 affiliates used for providing customer (support) services
Name |
Data Processing Location |
Data Subjects |
Categories of Data Processed |
Purpose |
Access Level |
KnowBe4, Inc. USA (HQ)
Office Address: 33 N Garden Avenue, Clearwater FL, 33755
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
USA |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to you.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
Storage; access for customer service and support; providing customer access and use of the services; abuse detection, prevention, and remediation; and maintaining, improving, and providing the services. |
Need to know only. |
KnowBe4 NL. B.V.
Registered address: Papendorpseweg 99, Utrecht 3528 BJ, The Netherlands
|
Netherlands |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to you.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers and shared service center activities, where required. |
Need to know only. |
KnowBe4 Germany GmbH
Registered address: Rheinstr. 45-46, 12161 Berlin, Germany
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
Germany |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to you.
Any console, ticket, or audit log information processed by the support affiliates is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 UK Ltd.
Registered address: Squires House, 205A High Street, West Wickham, Kent BR4 0PH, United Kingdom
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
United Kingdom |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester
|
KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 Australia Pty Ltd.
Registered address: TriCor Dormers Pty Ltd, Level 3, 1049 Victoria Road, West Ryde, NSW 2114
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
Australia |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 Japan GK.
Office address: 3F, Otemachi Financial City Grand Cube, Global Business Hub Tokyo, 1-9-2 Otemachi, Chiyoda-ku, Tokyo, 100-0004, Japan
International data transfer method: EC adequacy decision. |
Japan |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 Singapore Pte Ltd.
Registered address: 80 Robinson Road #02-00, Singapore 068898
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
Singapore |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
El Pescador Softwares Ltda, aka KnowBe4 Brazil
Registered address: Avenida Ibirapuera, n° 2.315, conjunto 142, 14° andar, Edifício Platinum Tower, Indianópolis, CEP: 04029-200, na cidade de São Paulo, Estado de São Paulo
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
Brazil |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to you.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 Africa Pte. Ltd.
Office address: The Planet Art, 32 Jamieson St, Cape Town, 8001, South Africa
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
South Africa |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 Middle East FZ-LLC
Office address: Dubai Internet City Building DIC-9, Unit 203, Dubai, UAE
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
Dubai, UAE |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
First level of support to customers, where required. |
Need to know only. |
KnowBe4 Research AS
Office address: Kristian Augusts Gate 13, 0164 Oslo, Norway
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
Norway |
KMSAT Console Administrator, KMSAT Console User, KCM GRC Console User, Backup and Recovery Site, Console User Metadata, KMSAT Console, KCM GRC, Primary Business Contact, Ticket Requester |
KMSAT Console information, KCM GRC Data. Other information required to provide research and analytical tasks for the group.
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
Research and Development. |
Need to know only. |
KnowBe4 India Private Limited
601A, 6th Floor, World Trade Center Kochi, Tower A, Infopark, Kusumagiri P O, Kakkanad, Kochi, Kerala, India – 682030
International data transfer method: Standard Contractual Clauses (SCCs) with appropriate technical and organizational privacy and security measures. |
India |
Security Coach Data |
Security Coach
Any console information processed by this support affiliate is on a need-to-know basis and follows the principle of least privilege. |
Research and Development. |
Need to know only. |