Subprocessors Disclosure

The following tables list Kentik’s subprocessors that may process customer personal data in connection with Kentik platform services, as well as selected third party vendors that may be of interest to our customer base.

In order to satisfy the notification obligations in our DPA, Kentik will update this list promptly when engaging new subprocessors. Customers may subscribe to receive updates by sending an email to privacy@kentik.com with the subject “Subprocessor Subscription Request.” You can also subscribe via your preferred RSS reader at https://www.kentik.com/legal/subprocessors.xml or by using the following command in Slack:
/feed subscribe https://www.kentik.com/legal/subprocessors.xml.

Due diligence

Prior to use, Kentik evaluates the security, privacy, and confidentiality commitments of each vendor that may interact with sensitive data. This includes review of materials such as contractual commitments, data protection agreements, security audit reports, system documentation, and/or company privacy policies. For more information about our vendor and subprocessor due diligence procedures, please see our security whitepaper, trust center, or request a copy of our SOC 2 report.

Contractual safeguards

Kentik requires subprocessors to provide similar security, privacy, and confidentiality commitments relative to those Kentik offers to its own customers under the Kentik DPA. This includes requirements to:

• Limit processing of personal data to documented instructions contained in contractual agreements and written communications.
• Ensure personnel handling sensitive data are bound by confidentiality agreements and are vetted before handling sensitive data, including via background checks.
• Prohibit the sale or sharing of sensitive information.
• Implement and maintain appropriate technical, organizational, and procedural safeguards to ensure the confidentiality, availability, and integrity of data.
• Comply with all relevant data protection laws and regulations.
• Inform Kentik of any security incidents, breaches, or unauthorized disclosures.
• Cooperate with reasonable requests or otherwise provide mechanisms to audit or assess the state of security practices.
• Respond to legitimate data subject rights requests, including support for viewing, editing/correcting, deleting, and restricting processing of personal information.
• Delete or return data at the conclusion of services, except as otherwise authorized or required by law.

Subprocessors

The following are declared subprocessors that may interact with production data, including personal data, in the normal course of business:

Name	Description	Used for	Headquarters
Amazon (AWS)	Data center services	- Data ingestion from customer AWS accounts	410 Terry Avenue North, Seattle, WA 98109, US
Google Cloud (GCP)	- Data center services - AI-based product features	- Data ingestion from customer GCP accounts - Offsite configuration backups - AI features, when enabled (AI features are disabled by default and must be turned on by a highly-privileged admin)	1600 Amphitheatre Parkway Mountain View, CA 94043, US
Microsoft Azure	Data center services	- Data ingestion from customer AWS accounts	1 Microsoft Way, Redmond, WA 98052, US
PagerDuty	Transactional email	- Operational notifications	600 Townsend St, Ste 200, San Francisco, CA 94103, US
Pendo	Transactional communications	- Product analytics and customer feedback	301 Hillsborough St, Raleigh, NC 27603, US
Sendgrid	Transactional email	- Product notifications	1801 California Street, Suite 500. Denver, CO 80202, US
OpenAI	AI-based product features	- AI features, when enabled (AI features are disabled by default and must be turned on by a highly-privileged admin)	3180 18th Street, San Francisco, CA 94110, US
Zendesk	Support ticketing	- Product troubleshooting	989 Market St., San Francisco, CA 94103, US

Service providers

The following vendors provide corporate services for Kentik that may have occasional or incidental exposure to customer personal data. Such exposure may be determined by customer communication practices and support needs.

Name	Description	Headquarters
Google Workspace	- Corporate email - Corporate file storage - Multi-factor authentication	1600 Amphitheatre Parkway Mountain View, CA 94043, US
Slack	Transactional communications	500 Howard Street, San Francisco, CA 94105, US
Salesforce	Customer Relationship Management (CRM)	415 Mission Street, San Francisco, CA 94105, US

The following vendors provide co-location facilities that host Kentik-owned servers underlying the Kentik platform. While our operations, physical security, and audit posture may rely on the performance of these vendors, they do not interact directly with customer production information and are not considered subprocessors according to the terms of our DPA:

Name	Description	Facility Location
Deft	Co-location facility	Ashburn, VA or Frankfurt, Germany
Equinix	Co-location facility	Ashburn, VA
Databank	Co-location facility	Ashburn, VA

Synthetics testing agents

In addition, Kentik also maintains a global network of synthetic testing agents from a variety of providers and locations designed to help customers evaluate routing, network, and application responsiveness for their systems. Customers may select Kentik-provided agents at their own discretion or may elect to deploy privately-hosted agents instead. Customers who are not subscribed to Kentik’s Synthetics monitoring services are not exposed to this feature. Kentik offers agents from a variety of common cloud providers to meet local preferences across our international customer base, including AWS, Google Cloud, Azure, IBM Cloud, Alibaba Cloud, and other hosting providers. To read more about our synthetic testing system, please see https://kb.kentik.com/v4/Ma01.htm.

Questions

If you have any questions about subprocessor use or wish to object to a specific subprocessor engagement, please contact us at privacy@kentik.com with legal@kentik.com cc’ed.

Last updated: 11/15/24