Overview
Konfir uses third-party service providers (“subprocessors”) to help deliver and operate our verification services. These may include providers for infrastructure hosting, customer support tooling, communications, and specialised verification components.
Subprocessors are only engaged where necessary, and are subject to contractual, security, and data protection requirements.
Disclaimer: This article provides a high-level overview of how Konfir governs subprocessors. For the authoritative subprocessor list, refer to: https://www.konfir.com/client/security
What is a subprocessor?
A subprocessor is a third party that processes personal data on Konfir’s behalf in order to provide part of the service.
For example, subprocessors may support:
Secure cloud hosting and backups
Identity or verification services
Customer support and communications
Service monitoring and operational tooling
Konfir remains accountable for subprocessors it appoints as part of delivering the service.
How Konfir governs subprocessors
When Konfir uses subprocessors, we apply governance controls including:
Limiting access to the minimum data needed for the task
Putting written contracts in place with appropriate data protection terms
Applying confidentiality and security requirements aligned to our obligations
Maintaining oversight and accountability for subprocessor performance
Subprocessor list
Konfir maintains an up-to-date list of subprocessors at: https://www.konfir.com/legal/processors. This list includes:
The provider name
The type of data involved
The purpose of processing
The processing location
Third-party controllers
In some cases, third parties may assist in delivering Konfir services but act as independent controllers of the personal data provided to them. These relationships are also documented in Konfir’s published materials.
