To support the delivery of our services, KnowBe4 engages trusted third-party sub-processors to provide infrastructure services, support, analytics, and customer relationship management. All sub-processors undergo KnowBe4’s privacy, security, and confidentiality assessment. Data processing agreements (DPAs) and Standard Contractual Clauses (SCCs), where applicable, are in place to ensure compliance with relevant laws.
Infrastructure Sub-Processors
| Name | Data Location | Purpose | Personal Data Types | Security Measures |
|---|---|---|---|---|
| Amazon Web Services | Based on customer selection | Hosting all or part of threat data and service delivery infrastructure | Customer provided content, Email Metadata | AWS Compliance Programs AWS Compliance Programs (link opens in new window) |
| Microsoft Azure | Based on customer selection | Hosting all or part of threat data and service delivery infrastructure | Customer provided content, Email Metadata | Azure Privacy Information Azure Privacy Information (link opens in new window) |
| MongoDB | Based on customer selection | Hosting all or part of threat data and service delivery infrastructure | Customer provided content, Email Metadata | MongoDB Privacy Information MongoDB Privacy Information (link opens in new window) |
Product Functionality Sub-Processors
| Name | Data Location | Purpose | Personal Data Types | Security Measures |
|---|---|---|---|---|
| Datadog | US AWS Data Centers | Application/system logging, analytics, and monitoring | Security logging information | Datadog Security and Compliance Datadog Security and Compliance (link opens in new window) |
| Mixpanel | US GCP Data Centers | Capture metrics to improve product functionality, aggregated analytics | Navigation Usage Insights | Mixpanel Security Measures Mixpanel Security Measures (link opens in new window) |
| Pendo.io | Google Cloud Platform (GCP) / United States | Capture metrics to improve product functionality, aggregated analytics | Navigation Usage Insights | Pendo Privacy and Security Pendo Privacy and Security (link opens in new window) |
| Wiz.io | US AWS Data Centers | Cloud security posture management to ensure the security of KnowBe4 cloud assets | Configuration and Asset Metadata | Wiz Security Measures Wiz Security Measures (link opens in new window) |
| Okta (Auth0) | Region of your choosing; either US, UK, EU, AU, or CA | Global User Authentication Service | First name, last name, email address, general user identifiers | Okta Security Okta Security (link opens in new window) |
| LaunchDarkly | US Data Centers | Product Functionality and Feature Flag Enablement | Account Identifiers, Limited Scope User Data | Launchdarkly Security Program Launchdarkly Security Program (link opens in new window) |
| ElevenLabs | US AWS Data Centers | Voice and video processing for security awareness training modules. No data is sent to elevenlabs if you do not use this feature. | Audio samples provided by customers for the creation of training content. This data will not be used for improving any AI models. The cloned voice will be temporarily processed in Elevenlabs and deleted as soon as the text has been converted to speech. There will be no persistent storage in Elevenlabs. | Elevenlabs Trust Center Elevenlabs Trust Center (link opens in new window) |
| Mailgun (Sinch Email) | United States | Provides mail delivery services for automated alerts/notifications | Email notifications to Workspace users | Mailgun Privacy Policy Mailgun Privacy Policy (link opens in new window) |
| Twilio | Varies as determined by User | Provides mobile SMS messages for multi-factor authentication (must be enabled by Customer) | Phone number | Twilio Security / Trust Center Twilio Security / Trust Center (link opens in new window) |
| Google Cloud Platform (GCP) | United States | Supporting advanced, optional product features (such as AI capabilities) | Customer Data (as defined in our DPA) submitted to or processed by through the KnowBe4 services. Customers retain full discretion over whether to use these features; GCP is only engaged and will only process Customer Data if Customer chooses to use them | Google Cloud Platform Trust Center Google Cloud Platform (link opens in new window) |
Support Services Sub-Processors
| Name | Data Location | Purpose | Personal Data Types | Security Measures |
|---|---|---|---|---|
| Hubspot | US AWS Data Centers | Customer relationship management (CRM) | Customer relationship management information | Hubspot Trust Hub Hubspot Trust Hub (link opens in new window) |
| Gainsight (formerly inSided) | US AWS Data Centers | Community engagement platform | Customer relationship management information | Gainsight TOMs Gainsight TOMs (link opens in new window) |
| Salesforce | US Salesforce Data Centers | Customer relationship management (CRM) | Customer relationship management information | Salesforce Privacy Measures Salesforce Privacy Measures (link opens in new window) |
| Zendesk | US AWS Data Centers | Support ticket management | Customer support data | Zendesk Security Measures Zendesk Security Measures (link opens in new window) |
| Zoom Video Communications, Inc. | United States | Telephony and technology tools for support | Customer relationship management, Sales enablement, Customer support data | Zoom Trust Portal Zoom Trust Portal (link opens in new window) |
| Churnzero | United States | Customer Success | Customer relationship management information | Churnzero Security Churnzero Security (link opens in new window) |
| Forethought.ai | United States | Customer Support Ticket Management | Zendesk Ticket Data | |
| Google Workspace | United States | Customer Support | Customer Support Information | Google Trust Center Google Trust Center (link opens in new window) |
| Anthropic, PBC (Claude Desktop) | United States | Support Services | CRM Information and Related Data for day-to-day operations | Anthropic Trust Center Anthropic Trust Center(link opens in new window) |
Affiliates for Customer Support
These affiliates may access data from KnowBe4 products on a need-to-know basis for customer support and related services. All data transfers are governed by appropriate contractual clauses and security measures.
| Affiliate | Location | Purpose | Access Level |
|---|---|---|---|
| KnowBe4, Inc. (HQ) | USA | Customer service, support | Need-to-know only |
| KnowBe4 NL B.V. | Netherlands | First-level support | Need-to-know only |
| KnowBe4 Germany GmbH | Germany | First-level support | Need-to-know only |
| KnowBe4 UK Ltd. | United Kingdom | First/Second-level support | Need-to-know only |
| KnowBe4 AU Pty Ltd | Australia | First-level support | Need-to-know only |
| KnowBe4 Japan GK | Japan | First-level support | Need-to-know only |
| KnowBe4 Pte Ltd (SG) | Singapore | First-level support | Need-to-know only |
| El Pescador Softwares Ltda | Brazil | First-level support | Need-to-know only |
| KnowBe4 Africa (Pty) Ltd | South Africa | First-level support | Need-to-know only |
| KnowBe4 Middle East FZ-LLC | UAE | First-level support | Need-to-know only |
| KnowBe4 India Pvt Ltd | India | R&D for products and services | Need-to-know only |
| KnowBe4 Costa Rica | Costa Rica | Support Services for KnowBe4 Operations | Need-to-know only |