Subprocessors
Subprocessors
Every third-party processor we engage to operate this surface, with purpose, data categories, region, and transfer mechanism.
About this list
This page lists every third party we engage to process personal data on behalf of Knowledge Commons. The current catalog version is 2026-05-27.
We notify account holders at least 30 days before adding a new subprocessor with access to personal data, except where a faster change is required to maintain service security or to comply with law.
Subprocessors flagged "conditional" are only engaged when a specific feature or integration is in use.
AI — large language models (chat / assistant)
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| OpenAI, L.L.C. openai.com/ Conditional: Engaged only when the platform/tenant configures OpenAI as the chat provider. | Hosted large-language-model inference for chat/assistant flows when the operator selects OpenAI as the chat provider. | User chat messages, Retrieved content snippets, System prompt text | United States | EU SCCs (2021/914) + supplementary measures; data-processing addendum. |
| Anthropic, PBC www.anthropic.com/ Conditional: Engaged only when the platform/tenant configures Anthropic as the chat provider. | Hosted large-language-model inference for chat/assistant flows when the operator selects Anthropic as the chat provider. | User chat messages, Retrieved content snippets, System prompt text | United States | EU SCCs (2021/914) + supplementary measures; data-processing addendum. |
AI — speech-to-text transcription
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| AssemblyAI, Inc. www.assemblyai.com/ Conditional: Engaged only when the tenant's `asr_data_residency` setting is `cloud_us` or `cloud_any` AND diarization is required. | Speech-to-text transcription with speaker diarization for uploaded audio/video, when the tenant's ASR data-residency policy permits cloud processing. | Uploaded audio/video media, Resulting transcripts and speaker labels | United States | EU SCCs + DPA. |
| Groq, Inc. groq.com/ Conditional: Engaged only when the tenant's `asr_data_residency` setting is `cloud_us` or `cloud_any` AND diarization is not required. | Hosted Whisper-compatible speech-to-text inference for non-diarized transcription when the tenant's ASR residency policy permits cloud processing. | Uploaded audio/video media, Resulting transcripts | United States | EU SCCs + DPA. |
Payments and donations
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| Stripe Payments Europe, Ltd. stripe.com/ | Payment processing for subscriptions, donations, and Connect-based tenant payouts. | Donor / customer name and email, Payment card information (handled by Stripe; never received by Loracta), Donation amount and currency, Transaction metadata | European Union (Ireland) with US-based group entities | Intra-group SCCs; Stripe DPA. |
Transactional email delivery
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| SMTP delivery provider (configured per environment) Conditional: Specific provider depends on the deployment environment; the active provider is disclosed on request. | Transactional email delivery (verification codes, password resets, magic-link rights requests, system notifications). | Recipient email address, Message subject and body | European Union (preferred); falls back per operator configuration | Operator selects a provider with SCCs/DPA in place. |
Object storage (media, transcripts, derived artifacts)
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| S3-compatible object storage (MinIO or hosted equivalent) min.io/ | Persistent storage for uploaded media (audio, video, images, PDFs), transcripts, generated TTS audio, and thumbnails. | Uploaded media files, Derived artifacts (transcripts, thumbnails, TTS) | European Union (preferred); per operator configuration | Operator selects a storage provider with SCCs/DPA in place. |
User-initiated content import
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| Google Ireland Limited (Google Drive) workspace.google.com/ Conditional: Engaged only when a user explicitly connects their Google Drive account to assist with imports. | Assisted document import from a user-connected Google Drive account via OAuth. | Google account email and basic profile, Drive file listings and the specific file contents imported by the user | European Union (Ireland) | Google Workspace DPA; SCCs for any onward US transfer. |
Error reporting and logging
| Subprocessor | Purpose | Data categories | Region | Transfer mechanism |
|---|---|---|---|---|
| Functional Software, Inc. (Sentry) sentry.io/ | Application error reporting, performance monitoring, and profiling. | Application errors and stack traces, Request URL (path), HTTP method, status code, Aggregated performance traces | United States | EU SCCs + DPA; Loracta configures Sentry with `send_default_pii=False` and redacts cookies, POST bodies, and sensitive headers before send. |
| Grafana Labs / self-hosted Loki grafana.com/oss/loki/ | Structured application log aggregation. | Structured log lines (request id, tenant id, log level, message), IP addresses are truncated before logging (see `app/utils/observability.py`) | European Union (preferred); per operator configuration | Self-hosted or operator-selected hosted Loki with DPA. |
Changes to this list
Material changes are reflected in the version date at the top of this page. Historical versions are available on request to datenschutz@knowledge-commons.example.