Get a demo of our new product!🔥

kizuna

Product

Why us

Science

About

Get demo

kizuna

kizuna

Kizuna Subprocessors

Kizuna Subprocessors

Kizuna Subprocessors

Last Updated: December 11, 2025

1. Scope

This page lists third-party service providers that Kizuna Solutions Inc. (“Kizuna”) currently engages as subprocessors to support the Kizuna Platform (including subscription services, APIs, and admin/tenant portals).

These subprocessors may process Customer Data (including Candidate Report Artifacts, as defined in your agreement with Kizuna) solely to provide the services described below.

Vendors that support only our public marketing site (e.g., kizuna.solutions pages, forms, and campaigns) and do not process Customer Data are listed separately under Site Vendors (Non-Platform) and are not subprocessors for purposes of your Data Processing Addendum (“DPA”).

2. Relationship to Customer Agreements

This public list is provided for transparency and convenience. It does not by itself create new rights or obligations. Binding terms governing subprocessors are set out in your applicable Master Services Agreement, Order, and DPA.

  • If your DPA or Order incorporates this URL by reference (for example, for click-through or self-service accounts), this page constitutes the current list of approved Platform subprocessors for that agreement as of the Effective date above.

  • If your DPA or Order includes its own subprocessor annex or a tailored list, that annex or list will control for that Customer to the extent of any inconsistency with this page.

In all cases, Kizuna remains responsible for each subprocessor’s performance of the data-protection obligations we flow down to them under the DPA (subject to the limitations set out in your services agreement).

3. Transparency & Posture

For Customer Data processed in the Platform, Kizuna acts as a service provider/processor, and the third parties listed below act as subprocessors under written agreements.

  • We do not “sell” personal information or “share” it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

  • We do not permit subprocessors to train their generalized models on Customer Data unless a Customer expressly opts in via an Order and/or DPA exhibit.

  • We limit each subprocessor’s access to the minimum Customer Data necessary to perform its contracted services and require appropriate confidentiality, security, and data-protection commitments, consistent with our DPA.

4. How We Choose Subprocessors

Before engaging a subprocessor that will process Customer Data, we:

  • assess the provider’s security, privacy, and regulatory posture (for example, by reviewing security documentation and data-protection terms);

  • enter into a written contract that requires the subprocessor to safeguard Customer Data and to process it only on Kizuna’s documented instructions; and

  • restrict onward subcontracting and international transfers as described in our DPA where applicable.

5. Change Management & Notifications

We may update this list from time to time as we add or remove subprocessors.

  • Advance notice. Where your DPA requires it, we will provide at least 30 days’ advance notice before authorizing any new or replacement Platform subprocessor that will process Customer Data, by updating this page and/or by direct notice (for example, email or in-product notification) as specified in your DPA.

  • Subscribe to updates. To receive email notifications of changes to this list, email privacy@kizuna.solutions with the subject line: “Subscribe – Subprocessor Updates” and include your organization name and account email domain.

  • Right to object. If your DPA grants you a right to object to new subprocessors, you may exercise that right by emailing privacy@kizuna.solutions within the applicable notice period, describing your reasonable, documented data-protection grounds. We will work in good faith to address your concerns, which may include adjusting configuration, proposing an alternative, or (if no reasonable mitigation exists) allowing you to terminate the affected services as set out in the DPA.

6. Platform Subprocessors (Current)

The following subprocessors support the Kizuna Platform. Actual subprocessors used for a particular Customer may vary depending on the Customer’s region, chosen features, and integrations. Data access is limited to what is needed for the stated purpose and enabled features.

6.1 Amazon Web Services, Inc. (“AWS”)

  • Purpose: Cloud infrastructure (compute, storage, networking, managed key services) for the Kizuna Platform

  • Data categories: Customer account data; Candidate Report Artifacts; configuration and workflow data; application and security logs/metadata

  • Primary region: United States

6.2 Render

  • Purpose: Application hosting/orchestration for certain backend and worker services

  • Data categories: Application runtime metadata and logs related to hosted services (designed to limit inclusion of raw report contents)

  • Primary region: United States

6.3 Datadog

  • Purpose: Observability and monitoring (metrics, logs, traces) for Platform infrastructure and services

  • Data categories: Infrastructure and application logs/metrics that may incidentally include limited Customer Data in error or debug fields; configured to minimize inclusion of sensitive report content

  • Primary region: United States (and other Datadog regions as applicable to our deployment)

6.4 Railway

  • Purpose: Infrastructure and application hosting for certain Platform components

  • Data categories: Application runtime metadata and limited logs related to hosted components (no intentional storage of full report PDFs)

  • Primary region: United States

6.5 Vercel

  • Purpose: Hosting and delivery of certain web front-end components and static assets for the Platform

  • Data categories: HTTP request/response metadata, limited logs (e.g., IP address, user agent) associated with use of Platform front-end components

  • Primary region: United States (with additional edge locations as provided by Vercel)

6.6 Anthropic PBC (“Claude”)

  • Purpose: AI model hosting and inference services used to provide AI-powered text processing features in the Platform (for example, parsing, formatting, and generating draft summaries or annotations of textual inputs)

  • Data categories: Text and structured fields submitted to AI features as prompts (which may include portions of report text or related context), and associated outputs/metadata; configured to avoid sending full report PDFs or unnecessary identifiers wherever feasible

  • Primary region: United States (or other regions as Anthropic makes available and we select)

6.7 Sentry and/or LogRocket (error monitoring & session diagnostics)

  • Purpose: Error monitoring and limited UI/session diagnostics for the Platform

  • Data categories: Pseudonymous identifiers; error details; limited interaction context (configured to avoid SSNs, full dates of birth, and full background-report PDFs wherever feasible).

  • Primary region: United States


Data minimization by design: We avoid including SSNs, full dates of birth, or full background-report PDF content in error-monitoring payloads or AI prompts. Prompts and diagnostics contain only the minimal text spans required for the requested operation, wherever technically feasible.


7. International Transfers

Where a subprocessor is located in a different country than the Customer or data subject, Kizuna implements appropriate transfer safeguards as described in our DPA (for example, EU Standard Contractual Clauses, the UK Addendum, or other lawful mechanisms) and requires subprocessors to provide equivalent protections for Customer Data.

8. Customer-Controlled Integrations & Other Third Parties

Customers may choose to connect their own third-party services to the Kizuna Platform (for example, background-check providers/CRAs, applicant tracking systems, HRIS platforms, email systems such as Google Workspace or Microsoft 365, or single sign-on/identity providers).

These integrations are typically Customer-controlled, meaning:

  • The Customer has a direct contractual relationship with the third-party service (e.g., CRA, email provider, identity provider).

  • The third party processes personal data as an independent controller or processor for the Customer, not as a subprocessor of Kizuna.

  • Kizuna accesses data from those services only as instructed by the Customer and processes it as Customer Data within the Platform.

Because these third-party services are not engaged by Kizuna to process personal data on Kizuna’s behalf, they are not listed as Kizuna subprocessors. Customers should review and manage their own third-party providers (for example, CRAs, email providers, and SSO/IdP services) under their own privacy and security programs.

9. Site Vendors (Non-Platform)

The following third-party services support kizuna.solutions marketing pages, forms, or campaigns. They do not process Customer Data as defined in our DPA and are not subprocessors for purposes of the Kizuna Platform.

9.1 Framer (Framer B.V.)

  • Purpose: Hosting and delivery of kizuna.solutions marketing pages and built-in, privacy-first site analytics

9.2 Other marketing tools

From time to time we may use additional marketing or analytics tools for the Site (for example, form providers or ad platforms). Any such tools will only be used in accordance with our Privacy Policy. They are not granted access to Customer Data stored in the Kizuna Platform.


Questions

For questions about this page or to subscribe to subprocessor updates, contact: privacy@kizuna.solutions.

Looking for detailed security, privacy, and compliance documentation? Customers can access additional artifacts via the Admin Console Trust Center or under NDA upon request.