Subprocessor Disclosure

Last updated: 2025-11-19

Kimshi engages certain third‑party service providers (subprocessors) to help us deliver our services. We carefully vet each provider for security, privacy, and reliability. We only share the minimum necessary data to provide the service, and each provider is bound by contractual obligations to protect personal data in accordance with UK GDPR.

Current Subprocessors

• Amazon Web Services (AWS) — Hosting, storage, networking, authentication (Cognito), and content delivery (CloudFront). Primary regions: as configured for our production workloads. Data is encrypted in transit and at rest.
• Paddle — Merchant of Record for payments, billing, tax, invoicing, and receipts. Limited customer billing information is processed to complete transactions and comply with tax requirements.
• Resend — Transactional email delivery (e.g., contact and system messages). Email metadata and content necessary to send messages may be processed.

Purpose & Data Categories

We process typical B2B data necessary to operate the platform, such as:

• Account and organization details (business name, contact info)
• Operational data (bookings, customer records, schedules, staff details)
• Billing data (through Paddle as Merchant of Record)

Changes to Subprocessors

We may update this list as our service evolves. Material changes will be reflected on this page with a new “Last updated” date. For enterprise customers with DPA terms requiring notice, we will provide advance notice per contract.

Questions? Contact: privacy@kimshiltd.com