Current list
Each of the following is bound by its own data-protection contract with Knockhaus (see the linked DPA).
| Subprocessor | Purpose | Region | Data |
|---|---|---|---|
| Supabase | Primary database + authentication + storage + realtime. | US (AWS us-east-2) | Account data, Customer-submitted lead data, Media |
| Stripe / Stripe Connect | Subscription billing for Knockhaus + commission payouts to reps. | US / Global | Billing info, Bank/payout info, Tax IDs |
| Resend | Transactional + cadence email delivery. | US | Email addresses, Email content |
| Twilio | SMS delivery for cadences, appointment reminders, and one-time codes. | US | Phone numbers, Message content |
| Mapbox | Map tiles, parcel lookups, routing, and geocoding. | US | Approximate + precise location, Territory polygons |
| Anthropic (Claude) | AI explain-line-item, commission plan drafting, inquiry agent. | US | Commission line-item data, Plan text prompts submitted by owners/managers |
| Dropbox Sign (HelloSign) | At-the-door e-signature contracts. | US | Signer name, Signer email, Signed PDFs |
| Mux | Training video hosting + playback. | US | Uploaded videos, Viewer playback analytics |
| Vercel | Hosting for the marketing site and web app. | US / Global edge | Request logs, IP addresses |
| CARTO / OpenStreetMap | Light/dark map tile rendering on the marketing site. | US / Global | IP addresses (tile fetch) |
Stripe — the money layer
Stripe Connect handles subscription billing for Knockhaus and commission payouts to your reps. They're a payments institution, not a “subprocessor” in the GDPR sense — they process payment data as an independent controller under their own terms. We flag them here because your reps' bank-level info touches them directly.
Notification of changes
When we add or replace a subprocessor we email the owner of every paid-add-on organization at least 14 days before the change. You can object on reasonable grounds; if we can't resolve it, you may terminate the affected service and we'll refund the pro-rated unused portion.
To subscribe to this notification for a different email than the owner address, send a note to legal@knockhaus.app.
What we're not using
For clarity, we don't use: Meta Pixel, Google Analytics 4, LinkedIn Insight Tag, TikTok Pixel, Hotjar, FullStory, Segment, Rudderstack, Intercom, Drift, or HubSpot. If you see a request from one of these in our stack, we've goofed — please let us know.