K
Kendra
Public Beta
⚠ DRAFT — Pending Attorney Review. This document is a placeholder published during YourKendra's Public Beta. Attorney review is scheduled this week. Final versions will publish at /legal/final/ after review. For questions, email legal@yourkendra.com.

YourKendra — Subprocessors

Last updated: 2026-04-19 · Version 0.1-draft

Core infrastructure

Sub-processorPurposeData typeLocationCompliance / DPA
SupabaseDatabase, authentication, storageAll Customer Data at restUS (AWS us-east)Privacy · DPA on request
NetlifyWeb hosting + serverless functionsApplication trafficUSPrivacy · DPA on request
StripeSubscription billing + payment processingPayment card data, billing addressUSPrivacy · PCI DSS L1
ResendTransactional email deliveryEmail addresses, message bodiesUSPrivacy

AI providers

Sub-processorPurposeData typeTraining opt-out?
Anthropic (Claude)Primary AI text generation for every employeePrompts + responses (transient)Yes — API tier disables training
OpenAI (GPT-4o)Fallback AI text generationPrompts + responses (transient)Yes — API tier disables training
ElevenLabsVoice synthesis (Kendra + Marcus voice notes + Jordan audio briefings)Voice samples (if customer opts into cloning), text for TTSYes

Voice + telephony

Sub-processorPurposeData type
Retell AIVoice AI infrastructure (Kendra answers calls)Call audio, transcripts, metadata
TwilioPhone number lookups (caller intel), SMS if opted inPhone numbers, lookup metadata

Data enrichment

Sub-processorPurposeData type
TavilyWeb search (Marcus prospect discovery + Aria trend scan)Search queries
FirecrawlWeb page scrapingTarget URLs

Optional / customer-initiated

These sub-processors receive data only when the customer explicitly connects them via OAuth:

- Google (Gmail + Calendar) — customer's inbox + calendar events
- Microsoft (Outlook + M365) — customer's inbox + calendar events [app in development]
- HubSpot — contacts, deals
- Slack — message posting to customer's workspace
- QuickBooks / Xero / FreshBooks — invoices, payments [app in development]
- Calendly / Cal.com — meeting bookings [app in development]

Analytics

Sub-processorPurposeOpt-in required?
PostHogProduct analytics (opt-out via cookie banner)EU/CA visitors: yes
---

How we add new sub-processors

1. Evaluate compliance posture (DPA available, SOC 2, GDPR-compliant)
2. Sign DPA
3. Update this list at least 30 days before processing begins
4. Notify customers who have requested notification

Customer objections

If you object to a new sub-processor, email privacy@yourkendra.com within 14 days of our notice. We'll work with you to find an alternative or offer termination with pro-rated refund.

END · VERSION 0.1-DRAFT · PENDING ATTORNEY REVIEW

← Back to Trust & Compliance