Trust
Sub-processors
The third-party vendors Kavanah uses to process customer data, what each one does, and where it operates.
Last updated: July 1, 2026
Kavanah engages a small set of trusted vendors to deliver the Service. Each sub-processor accesses customer data only to the extent necessary to perform its function and is bound by contractual data-protection obligations. This page is the authoritative list referenced by our Data Processing Addendum.
Infrastructure sub-processors
These vendors host or store customer data on Kavanah's behalf.
| Vendor | Purpose | Data processed | Region |
|---|---|---|---|
| Vercel | Application hosting & serverless compute | All request/response data in transit | United States |
| Neon | Managed Postgres database (primary data store & backups) | All workspace data at rest | United States |
AI sub-processors
These vendors power Kavanah's AI features. They process only the content sent to a given AI request and, per their enterprise terms, do not train their models on that content. See AI Transparency for the full data-use posture.
| Vendor | Purpose | Data processed | Region |
|---|---|---|---|
| Anthropic | Claude models — the AI agent, drafting, summarization | Prompt content for AI requests (messages, task context you send to the agent) | United States |
| OpenAI | Image generation (e.g. AI persona avatars) | Text prompts for image generation | United States |
Operational sub-processors
These vendors support billing and platform notifications.
| Vendor | Purpose | Data processed | Region |
|---|---|---|---|
| cred.diy | Subscription billing & payments | Billing contact and plan/usage data | United States |
| Apple Push Notification service (APNs) | Push notifications to iOS / macOS apps | Device tokens, notification content (message previews) | United States |
| Google Firebase Cloud Messaging (FCM) | Push notifications to Android apps | Device tokens, notification content | United States |
Customer-authorized integrations
Kavanah also connects to third-party services at your explicit direction — for example Google Workspace, Microsoft 365, Notion, GitHub, ClickUp, ClearBooks, and others. These are not Kavanah sub-processors: the data flow is one you initiate by connecting an account, and it is governed by your agreement with that provider. Kavanah stores the access credential (encrypted) and moves data only between your Kavanah workspace and the service you connected. You can disconnect any integration at any time from Settings → Integrations, which revokes Kavanah's access.
Change notifications
When we add or replace a sub-processor that handles customer data, we update this page and — for customers with an executed DPA that requests it — provide advance notice so you have the opportunity to object. To subscribe to sub-processor change notices, email security@kavanah.ai.
Questions from a security, privacy, or procurement team? Email security@kavanah.ai. For SOC 2, penetration-test, or questionnaire artifacts shared under NDA, use the request forms on the Trust & Compliance page.