Guidelines for Sub-Processors
Last updated: March 27, 2026
Korl Inc. uses carefully selected sub-processors to help deliver and support our cloud-based services. Each sub-processor performs a limited, clearly defined function such as cloud hosting, infrastructure management, or operational support.Our Standards
Korl maintains strict standards for security, confidentiality, and processing integrity consistent with our SOC 2 Type I report and the AICPA Trust Services Criteria.
Before engaging any sub-processor, we:
- Conduct security and privacy due-diligence reviews (including assessment of SOC 2 or equivalent certifications).
- Require contractual commitments around confidentiality, data protection, and breach notification.
- Ensure sub-processors use encryption and access controls consistent with Korl's internal policies.
- Re-evaluate sub-processors at least annually as part of our vendor-management process.
Current Sub-Processors
| Sub-Processor | Category | Purpose | Security Info |
|---|---|---|---|
| Google Cloud Platform (GCP) | Infrastructure | Core infrastructure providing Cloud Run (compute), Firestore (database), Cloud Storage (GCS), and Google Sheets/Drive for data exports and automated PDF generation. | View policy ↗ |
| OpenAI | AI / ML | AI-powered content generation, including QBR narratives, presentation summaries, and roadmap takeaways. | View policy ↗ |
| Google (Gemini) | AI / ML | AI-powered content generation, including QBR narratives, presentation summaries, image generation, and slide creation. | View policy ↗ |
| Stripe | Payments | Handles all aspects of payment processing, billing management, and subscription state for the platform's customers. | View policy ↗ |
| Serper | Search | Used to search for and retrieve high-quality, professional imagery for inclusion in generated business presentations. | View policy ↗ |
| Unsplash | Media | Used to search for and retrieve high-quality, professional imagery for inclusion in generated business presentations. | View policy ↗ |
| Slack | Communications | Processes and delivers message data to customer Slack channels for real-time roadmap updates and automated company insights notifications. | View policy ↗ |
| Adobe | Document Processing | Optional conversion of presentations to PDF and PPTX formats. | View policy ↗ |
| Brandfetch | Media | Takes company domains and processes them to retrieve and serve official logos and brand assets. | View policy ↗ |
| PostHog | Analytics | Product analytics, session replay, feature flags, and experimentation. | View policy ↗ |
| Anthropic | AI / ML | AI-powered content generation including PRD summaries, email copy, and roadmap narratives via the Claude API. | View policy ↗ |
| ScraperAPI | Search | Web scraping and page rendering used to retrieve imagery and brand assets for inclusion in generated presentations. | View policy ↗ |
Oversight and Updates
Korl monitors sub-processor compliance through periodic reviews, attestations, and incident-response coordination.
We update this page whenever material changes occur to our sub-processor relationships.
For questions, please contact [email protected].