KnowBe4 Security

KnowBe4 Sub-Processors

KnowBe4 currently uses third-party sub-processors to provide infrastructure services and to help us provide customer support and email notifications. Prior to engaging any third-party sub-processor, KnowBe4 performs due diligence evaluations to ensure their privacy, security, and confidentiality practices and executes a data processing agreement (DPA) to ensure compliance with applicable legislation.

 

Key Terms: 

KMSAT Console Administrator: Any user labeled an administrator in the KMSAT console.

KMSAT Console User: Any user located in KnowBe4’s KMSAT software as a service (SaaS) platforms. This includes end-users, admins, partner users, or any other user that is created in the console(s). (This includes PhishER.)

KCM GRC Console User: Any user uploaded into KnowBe4’s KCM GRC SaaS platform. This includes end-users, admins, partner users, vendor users, or any other user that is created in the console.

Backup and Recovery Site: Secondary data centers. These are generally used for disaster recovery.

Console User Metadata: Summarizes basic user information. This includes general information such as date created, time error generated, or date modified. This does not always tie back to a specific user. 

KMSAT Console: KnowBe4’s flagship product that provides security awareness training and simulated phishing services.

KCM GRC: Knowbe4’s governance, risk, and compliance tool.

Primary Business Contact: This individual is generally the main point of contact for KnowBe4’s customer success managers (CSMs).

Ticket Requester: Any individual that submits a support ticket to KnowBe4.

 

KMSAT Sub-Processor Listing

Infrastructure Sub-Processors

Name Data Storage Location Data Subjects Categories of Data Processed Privacy and Security Controls Purpose

Amazon AWS

 

Website: amazon.com

 

Address: 410 Terry Ave N Seattle, WA 98109, USA



Method of Transfer:

EU Standard Contractual Clauses


 


 

 

 

 

 

 

Option 1 (default): Amazon AWS Data Center in the United States, Northern Virginia (us-east-1) 

 

Backup and Recovery Site: Amazon AWS Data Center in the United States, Oregon (us-west-2)

-------------

Option 2: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)

 

Backup and Recovery Site: Amazon AWS Data Center Frankfurt, Germany (eu-central-1)

-------------




Option 3: Amazon AWS Data Center in Montreal, Canada (central)

 

Backup and Recovery Site: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)

-------------

Option 4: Amazon AWS Data Center in London, England (eu-west-2)

 

Backup and Recovery Site: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)

-------------

 

Option 5: Amazon AWS Data Center in Frankfurt, Germany (eu-central-1)

Backup and Recovery Site: Amazon AWS Data Center in Europe located in Dublin, Ireland (eu-west-1)

 

 

KMSAT  Console Users

Data Collected Directly From Customer: First Name, Last Name, Manager First Name, Manager Last Name, Business Phone Number, Business Email Address, Mobile Phone Number, Employee Title, Employee Department, IP Address, Browser Information, Training and Coaching Information

 

Generated Information: Phishing Campaign Results and Metrics, Security Awareness Training Results, Risk Score

 

 

 

KnowBe4 has reviewed and annually reviews Amazon AWS's SOC II report and other related compliance and certification documentation as a part of its vendor due diligence process.



 

KnowBe4 has executed a data processing agreement (DPA) with EC-approved standard contractual clauses for the purposes of processing data in the United States.


Necessary for providing the infrastructure for KnowBe4’s application(s). The product will not be able to function without this sub-processor.

 

Product Functionality Sub-Processors

Name and Address Data Storage Location Data Subjects Categories of Data Processed Privacy and Security Controls Purpose

Datadog

 

Website: datadoghq.com

 

Address: 620 8th Ave,45th Floor,New York, NY 10018, USA


Method of Transfer:

EU Standard Contractual Clauses


 

 

Production: Amazon AWS US Data Centers

 

Backup Data Storage:

Amazon AWS US Data Centers

Console Users

First Name, Last Name, Email Address, IP Address, Browser Information, Logging Information

 

KnowBe4 has reviewed and annually reviews Datadog's SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Necessary for application logs, system logging, and analytics.

 

Pendo.io

Website: Pendo.io

 

Address: 301 Hillsborough St, Raleigh, NC 27603, USA


Method of Transfer:

EU Standard Contractual Clauses


 

 

Production: GCP Console Users Name, Email,  Phone Number, Company Number, IP Address, Usage Data

KnowBe4 has reviewed and annually reviews Pendo.io SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Allows capture of metrics to improve the product.

Sub-Processors Used to Provide Support Services 

Name Data Storage Location Data Subjects Categories of Data Processed Privacy and Security Controls Purpose

Zendesk

 

Website: Zendesk.com

 

Address: 989 Market St, San Francisco, CA 94103, USA

 

Method of Transfer:

EU Standard Contractual Clauses


 

Production: Amazon AWS Data Centers (us-east-1)

 

Backup Data Storage: Amazon AWS Data Centers in the United States

Console Administrators, Ticket Requesters

 

Ticket ID, Requester ID, Status, Assignee ID, Custom Fields

KnowBe4 has reviewed and annually reviews Zendesk’s SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States.

 

Allows KnowBe4 to track support requests across channels to improve team performance.

Salesforce

 

Website: Salesforce.com

 

Address: Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

 

Method of Transfer:

EU Standard Contractual Clauses


 

Production:

 

Salesforce Data Centers in Chicago, Illinois

 

Backup Data Storage:

Salesforce Data Centers in Washington, USA

Primary Business Contacts, Ticket Requestors

 

**Does not have direct access to KMSAT console information**

 

 

Name, Email, Contact Information, Device and Usage Data, Company  Billing Information, IP Address, Job Title, Cookies (required, functional), Telephony Log Information

KnowBe4 has reviewed and annually reviews Salesforce's SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States.

Used for Customer relationship management.

 

 

 

Mixpanel

 

Website: mixpanel.com

 

Address: One Front St, Floor 28, San Francisco, CA 94111, USA

 

Method of Transfer:

EU Standard Contractual Clauses


 

Production: Google Cloud Data Centers in the United States

 

Backup Data Storage:

Google Cloud Data Centers in the United States

Primary Business Contacts (past or present), Console Users

 

 

Name, Email, Postal Address, Phone Number, Company Number, IP Address, Usage Information

KnowBe4 has reviewed and annually reviews Mixpanel's SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States.

Allows for the analysis,  measurement, and improvement of our customer experience.

Hubspot

 

Website: Hubspot.com

 

Address:

2 Canal Park,Cambridge, MA 02141, USA


 

Method of Transfer:

EU Standard Contractual Clauses


 

Production:

Amazon AWS Data Centers (us-east-1)

 

Backup Data Storage:

Amazon AWS Data Centers in the United States

 

 

Console Administrators Administrator emails

KnowBe4 has reviewed and annually reviews Hubspot’s SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Used for customer relationship management

 

Insided

 

Website: Insided.com

 

Address:

Singel 118, Amsterdam, 1015 AE, The Netherlands

 

Method of Transfer:

EU Standard Contractual Clauses


 

Production:

Amazon AWS Data Centers (us-east-1)

 

Backup Data Storage:

Amazon AWS Data Centers in the United States

 

 

Community end users Administrator email addresses, Usage Metadata, General Demographic Information, Ticket IDs

KnowBe4 has reviewed and annually reviews Insided’s security certifications as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Used for community engagement

KCM GRC Sub-Processor Listing

Infrastructure Sub-Processors

Name Data Storage Location Data Subjects Categories of Data Processed Privacy and Security Controls Purpose

Amazon AWS

 

Website: amazon.com

 

Address: 410 Terry Ave N Seattle, WA 98109, USA


Method of Transfer:

EU Standard Contractual Clauses


 

 

 

 

 

 

 

Production:

 

Option 1: Amazon AWS Data Centers in the United States (us-east-1)

 

Backup Data Storage: AWS Data Center (us-west-1)

 

Option 2: Amazon AWS Data Centers in Europe located in London (eu-west-2)

 

Backup Data Storage: Amazon AWS Data Center Dublin, Ireland (eu-west-1)

Customer Employees or Contractors (past or present)

Data Collected Directly from Customer: First Name, Last Name, Email Address, IP Address, Browser Information


Generated Information: Compliance, Risk, and Vendor Metrics and Documentation 

 

 

KnowBe4 has reviewed and annually reviews Amazon AWS's SOC II and ISO 27001 certification as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Necessary for providing the infrastructure for KnowBe4’s KCM GRC application. The product will not be able to function without this sub-processor.

 

Product Functionality Sub-Processors

Name Data Storage Location Data Subjects Categories of Data Processed Privacy and Security Controls Purpose

Datadog

 

Website: datadoghq.com

 

Address: 620 8th Ave, 45th Floor, New York, NY 10018, USA


Method of Transfer:

EU Standard Contractual Clauses


 

 

 

Production: Amazon AWS Data Centers in the United States

 

Backup Data Storage: Amazon AWS Data Centers in the United States

Console Users

First Name, Last Name, Email Address, IP Address, Browser Information, Logging Information

 

KnowBe4 has reviewed and annually reviews Datadog's SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Necessary for application logs, system logging, and analytics.

 

Pendo.io

Website: Pendo.io

 

Address: 301 Hillsborough St, Raleigh, NC 27603, USA


Method of Transfer:

EU Standard Contractual Clauses


 

 

Production: GCP Console Users KCM Metadata

KnowBe4 has reviewed and annually reviews Pendo.io SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EU-approved standard contractual clauses for the purposes of processing data in the United States.

Allows capture of metrics to improve the product.


Sub-Processors Used to Provide Support Services for KCM GRC

Name Data Storage Location Data Subjects Categories of Data Processed Privacy and Security Controls Purpose

Zendesk

 

Website: Zendesk

 

Address: 989 Market St, San Francisco, CA 94103 USA

 

Method of Transfer:

EU Standard Contractual Clauses


 

Production: Amazon AWS Data Centers (us-east-1)

 

Backup Data Storage: Amazon AWS Data Centers in the United States

Console Administrators, Ticket Requesters

 

Ticket ID, Requester ID, Status, Assignee ID, Custom Fields

KnowBe4 has reviewed and annually reviews Zendesk’s SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States.

 

Allows KnowBe4 to track support requests across channels to improve team performance.

Salesforce

 

Website: Salesforce.com

 

Address: Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

 

Method of Transfer:

EU Standard Contractual Clauses


 

Production:

Salesforce Data Centers in Chicago, Illinois

 

Backup Data Storage:

Salesforce Data Centers in Washington, USA

Primary Business Contacts, Ticket Requestors

 

**Does not have direct access to KMSAT console information**

 

 

Name, Email, Contact Information, Device and Usage Data, Company  Billing Information, IP Address, Job Title, Cookies (required, functional), Telephony Log Information

KnowBe4 has reviewed and annually reviews Salesforce's SOC II report as a part of its vendor due diligence process.

 

KnowBe4 has executed a data processing agreement with EC-approved standard contractual clauses for the purposes of processing data in the United States.

Used for customer relationship management.

 

 

 

 

KnowBe4 affiliates used for providing customer (support) services

 

Name Data Processing Location Data Subjects Categories of Data Processed Purpose Access Level

KnowBe4, Inc. USA (HQ)


Office Address: 33 N Garden Avenue, Clearwater FL, 33755


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

USA

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to you. 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

Storage; access for customer service and support; providing customer access and use of the services; abuse detection, prevention, and remediation; and maintaining, improving, and providing the services. Need to know only.

KnowBe4 NL B.V.

 

Registered address: Central Park, Stadsplateau 25, 3528 AZ ,Utrecht, The Netherlands


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

Netherlands

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to you. 

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers and shared service center activities, where required. Need to know only.

KnowBe4 Germany GmbH


Registered address: Rheinstr. 45-46, 12161 Berlin, Germany


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

Germany

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to you. 


Any console, ticket, or audit log information processed by the support affiliates are on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required. Need to know only.

KnowBe4 UK Ltd.


Registered address: 

1 Leeds City Office Park, Meadow Lane, Leeds, LS11 5BD  United Kingdom


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

United Kingdom

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester


 

KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required. Need to know only.

KnowBe4 AU Pty Ltd (Australia)


Registered address:
c/o Vistra (Australia) Pty Ltd, Suite 902 (Level 9), 146 Arthur Street, North Sydney, NSW 2060, Australia)


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

Australia 

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required.   Need to know only.

KnowBe4 Japan GK


Registered Address: 

Nihonbashi 3 Chome Square 11F, 3-9-1 Nihonbashi, Chuo-ku, Tokyo, Japan 103-0027  


International data transfer method: EC adequacy decision.

Japan

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.


Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required.  Need to know only.

KnowBe4 Pte Ltd (Singapore)

Registered address:

9 Raffles Place, #26-01 Republic Plaza, Singapore 048619


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

Singapore

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required.   Need to know only.

El Pescador Softwares Ltda,, aka KnowBe4 Brazil



Registered address: Avenida Ibirapuera, n° 2.315, conjunto 142, 14° andar, Edifício Platinum Tower, Indianópolis, CEP: 04029-200, na cidade de São Paulo, Estado de São Paulo


International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

Brazil

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to you. 

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required. Need to know only

KnowBe4 Africa (Pty) Ltd.


Registered Address:
: c/o Moore, 2nd Floor Block 2 Northgate Park Corner Section Street and Koeberg Road Paarden Eiland, Western Cape 7405, South Africa



International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

South Africa

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers. 

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required. Need to know only. 

 

KnowBe4 Middle East FZ-LLC 


Registered Address:

Al Sufouh Complex, Arjaan tower, Tecom, Dubai, Offices 901 & 902, Dubai, UAE



International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

Dubai, UAE

KMSAT Console Administrator,

KMSAT Console User,

KCM GRC Console User,

Backup and Recovery Site,

Console User Metadata, 

KMSAT Console,

KCM GRC,

Primary Business Contact,

Ticket Requester

KMSAT Console information, KCM GRC Data. Other information required to provide support services to customers.

 

 

Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

First level of support to customers, where required. Need to know only. 

 

KnowBe4 India Private Limited

 

Registered Address:

Tower A World Trade Centre Info Park, Kakkanad, Kochi, Kerala, 682042, India



International data transfer method: Standard Contractual Clauses (SCC’s) with appropriate technical organizational privacy and security measures.

India Security Coach Data

Security Coach


Any console, information processed by this support affiliate is on a need to know basis and follow the principle of least privilege.

Research and Development. Need to know only. 

 

Can't find what you're looking for?

Contact Support