Legal ยท Data Processing
Subprocessors
This page lists the third-party service providers ("subprocessors") that Kumand engages to process personal information on behalf of our clients. It is provided in fulfillment of our obligations under Article 28 of the GDPR and analogous provisions of US state privacy laws, and is updated when we add, change, or remove a subprocessor.
Active subprocessors
| Provider | Purpose | Location |
|---|---|---|
| Google LLC | Google Workspace (email, calendar), Google Cloud Platform (infrastructure hosting), Google Analytics (where enabled) | United States |
| Twilio Inc. | SMS messaging, voice calls, programmable communications | United States |
| Stripe, Inc. | Payment processing for paid services | United States |
| OpenAI, LLC | AI-assisted content generation and analysis when explicitly invoked by a client through Kumand features | United States |
| Anthropic, PBC | AI-assisted content generation and analysis when explicitly invoked by a client through Kumand features | United States |
| SendGrid (Twilio) | Transactional email delivery | United States |
How we choose subprocessors
Before engaging a subprocessor we evaluate their security practices, data protection commitments, and contractual safeguards. We require each subprocessor to enter into a data processing agreement (DPA) or equivalent that obligates them to:
- Process personal information only on our documented instructions.
- Maintain appropriate technical and organizational security measures.
- Assist us in responding to data subject rights requests.
- Notify us promptly of any actual or suspected breach affecting client data.
- Permit audit on reasonable notice where required by law or contract.
International transfers
Our subprocessors are all based in the United States. Where personal information of EEA, UK, or Swiss residents is transferred to the United States, we and our subprocessors rely on Standard Contractual Clauses adopted by the European Commission, the UK International Data Transfer Addendum where applicable, and the EU-US Data Privacy Framework where the subprocessor is certified.
Changes to this list
We will update this page when we add, change, or remove a subprocessor that processes client personal information. The "Last updated" date at the top of this page reflects the most recent change. Clients on enterprise plans may sign up for advance email notification of changes by writing to admin@kumand.com.
Objecting to a new subprocessor
If you object to the engagement of a new subprocessor, write to us at the email address above within 30 days of the change. We will work in good faith to either address your concern or, if no resolution is possible, allow you to terminate the affected services without penalty.
This document describes Tactical Marketing Pro LLC's current practices for the Kumand platform at kumand.com. It is not legal advice. Your rights under applicable law may exceed what is described here.