Legal Center

Subprocessors

A current list of third-party subprocessors Kizuna engages to provide the platform, including their locations and data processing roles.

Last updated: March 24, 2026 Applies to: Platform Customers

Summary

This page lists third-party service providers that Kizuna Solutions Inc. engages as subprocessors to support the Kizuna Platform, including subscription services, APIs, and admin/tenant portals.

Table of contents
  1. 1. Scope
  2. 2. Relationship to Customer Agreements
  3. 3. Transparency & Posture
  4. 4. How We Choose Subprocessors
  5. 5. Change Management & Notifications
  6. 6. Platform Subprocessors (Current)
  7. 7. International Transfers
  8. 8. Customer-Controlled Integrations
  9. 9. Site Vendors (Non-Platform)
  10. 10. Questions

1. Scope

This page lists third-party service providers that Kizuna Solutions Inc. ("Kizuna") currently engages as subprocessors to support the Kizuna Platform (including subscription services, APIs, and admin/tenant portals).

These subprocessors may process Customer Data, including Screening Reports, Report Artifacts, Customer Configurations, and related candidate or account data, solely to provide the Platform and Services described below on Kizuna's behalf.

Vendors that support only our public marketing site (e.g., kizuna.solutions pages, forms, and campaigns) and do not process Customer Data are listed separately under Site Vendors (Non-Platform) and are not subprocessors for purposes of your Data Processing Addendum ("DPA").

2. Relationship to Customer Agreements

This public list is provided for transparency and convenience. It does not by itself create new rights or obligations except to the extent your applicable agreement with Kizuna incorporates this page by reference. Binding terms governing subprocessors are set out in your applicable Platform Terms, Order, enterprise services agreement (if any), and DPA.

If your DPA, Order, or other agreement incorporates this URL by reference (for example, for self-service or click-through accounts), this page constitutes the current list of approved Platform subprocessors for that agreement as of the Effective Date above.

If your DPA or Order includes its own subprocessor annex or a tailored list, that annex or list controls for your account to the extent of any inconsistency with this page.

In all cases, Kizuna remains responsible for each subprocessor's performance of the data-protection obligations Kizuna flows down under the DPA, subject to the limitations set out in the applicable services agreement.

3. Transparency & Posture

For Customer Data processed through the Platform, Kizuna generally acts as a service provider / processor, and the third parties listed below act as Kizuna's subprocessors under written agreements.

  • We do not sell personal information for money or share it for cross-context behavioral advertising.
  • We do not permit subprocessors, including model-hosting or inference providers, to use Customer Data to train their generalized models unless a Customer expressly opts in through a separate written agreement.
  • We limit each subprocessor's access to the minimum Customer Data reasonably necessary to perform its contracted services and require confidentiality, security, and data-protection commitments consistent with our DPA.

4. How We Choose Subprocessors

Before engaging a subprocessor that will process Customer Data, Kizuna generally:

  • evaluates the provider's security, privacy, and regulatory posture;
  • enters into a written agreement requiring the provider to process Customer Data only on Kizuna's instructions and to implement appropriate confidentiality, security, and data-protection safeguards;
  • limits the provider's access to the categories of Customer Data reasonably necessary for the contracted service; and
  • addresses onward subcontracting and cross-border transfers in accordance with the DPA.

5. Change Management & Notifications

We may update this list from time to time as we add or remove subprocessors.

  • Advance notice. Where your DPA requires it, we will provide at least 30 days' advance notice before authorizing any new or replacement Platform subprocessor that will process Customer Data, by updating this page and/or by direct notice (for example, email or in-product notification) as specified in your DPA.
  • Subscribe to updates. To receive email notifications of changes to this list, email support@kizuna.solutions with the subject line: "Subscribe – Subprocessor Updates" and include your organization name and account email domain.
  • Right to object. If your DPA grants you a right to object to a new or replacement subprocessor, you may exercise that right by emailing support@kizuna.solutions within the applicable notice period (or, if your agreement does not specify a period, within thirty (30) days after notice), describing your reasonable, documented data-protection grounds. We will work in good faith to address your concerns, which may include adjusting configuration, using an alternative subprocessor where reasonably available, or, if no reasonable mitigation exists, permitting suspension or termination of the affected Services as set out in the DPA or other applicable agreement.

6. Platform Subprocessors (Current)

The following subprocessors support the Kizuna Platform. Actual subprocessors used for a particular Customer may vary depending on the Customer's region, chosen features, and integrations. Data access is limited to what is needed for the stated purpose and enabled features.

6.1 Amazon Web Services, Inc. ("AWS")

  • Purpose: Cloud infrastructure (compute, storage, networking, managed key services) for the Kizuna Platform
  • Data categories: Customer account data; Screening Reports and Report Artifacts stored or processed through the Platform; Customer Configurations; application metadata; and security logs.
  • Primary region: United States

6.2 Render

  • Purpose: Application hosting/orchestration for certain backend and worker services
  • Data categories: Application runtime metadata and logs related to hosted services (designed to limit inclusion of raw report contents)
  • Primary region: United States

6.3 Datadog

  • Purpose: Observability and monitoring (metrics, logs, traces) for Platform infrastructure and services
  • Data categories: Infrastructure and application logs/metrics that may incidentally include limited Customer Data in error or debug fields; configured to minimize inclusion of sensitive report content
  • Primary region: United States (and other Datadog regions as applicable to our deployment)

6.4 Railway

  • Purpose: Infrastructure and application hosting for certain Platform components
  • Data categories: Application runtime metadata and limited logs related to hosted components (no intentional storage of full report PDFs)
  • Primary region: United States

6.5 Vercel

  • Purpose: Hosting and delivery of certain web front-end components and static assets for the Platform
  • Data categories: HTTP request/response metadata, limited logs (e.g., IP address, user agent) associated with use of Platform front-end components
  • Primary region: United States (with additional edge locations as provided by Vercel)

6.6 Anthropic PBC ("Claude")

  • Purpose: Model-hosting and inference services used to support approved AI-powered Platform features
  • Data categories: Minimal text spans, structured fields, prompts, outputs, and related metadata reasonably necessary to provide the relevant feature; configured to avoid sending full report PDFs or unnecessary identifiers wherever feasible.
  • Primary region: United States (or other Anthropic-supported regions selected by Kizuna)

6.7 Sentry (error monitoring & session diagnostics)

  • Purpose: Error monitoring and limited UI/session diagnostics for the Platform
  • Data categories: Pseudonymous identifiers; error details; limited interaction context (configured to avoid SSNs, full dates of birth, and full Screening Reports / Report Artifacts wherever feasible)
  • Primary region: United States

Data minimization by design. Kizuna designs Platform operations, diagnostics, and AI-assisted features to avoid including full SSNs, full dates of birth, or full Screening Report / Report Artifact PDF content in error-monitoring payloads, logs, or model prompts except where technically necessary for the requested operation. Where feasible, prompts and diagnostics include only the minimum text spans, structured fields, or metadata needed for the feature being used.

7. International Transfers

Where a subprocessor is located in a different country than the Customer or data subject, Kizuna implements appropriate transfer safeguards as described in our DPA (for example, EU Standard Contractual Clauses, the UK Addendum, or other lawful mechanisms) and requires subprocessors to provide equivalent protections for Customer Data.

8. Customer-Controlled Integrations & Other Third Parties

Customers may choose to connect third-party services to the Platform, such as CRAs, ATS/HRIS systems, identity providers, email systems, or other approved integrations. These integrations are typically Customer-controlled, which means:

  • the Customer has the direct contractual relationship with the third-party provider;
  • the third party processes personal information under the Customer's instructions and its own contractual/privacy terms, not as a subprocessor engaged by Kizuna; and
  • Kizuna accesses or exchanges data with those services only as authorized by the Customer and processes the resulting data as Customer Data within the Platform.

Because these third-party services are generally not engaged by Kizuna to process personal information on Kizuna's behalf, they are not listed here as Kizuna subprocessors. Customers are responsible for reviewing and managing their own third-party providers under their own privacy, security, and compliance programs.

9. Site Vendors (Non-Platform)

The following vendors support kizuna.solutions website pages, forms, campaigns, or website analytics only. They do not process Customer Data within the Kizuna Platform and are not Kizuna subprocessors for purposes of the DPA.

9.1 Other marketing tools

From time to time we may use additional marketing or analytics tools for the Site (for example, form providers or ad platforms). Any such tools will only be used in accordance with our Privacy Policy. They are not granted access to Customer Data stored in the Kizuna Platform.

10. Questions

For questions about this page or to subscribe to subprocessor updates, contact support@kizuna.solutions. Customers may request additional security, privacy, and compliance documentation through the Kizuna Trust Center, account team, or under NDA where appropriate.

Related documents

Data Processing AddendumGoverning terms for Kizuna's processing of personal data on behalf of customers.Read →Privacy PolicyHow Kizuna collects, uses, and protects personal data.Read →

Smarter hiring starts here

How it works Book a demo