Sub-processors.
Last updated: 12 May 2026 · Policy version: kye-sub-processors-v1.0-2026-05-12 · Version hash: 7d22cb04ad119f30
The following sub-processors are engaged by KYE Protocol™ Ltd to deliver the Services. Each is bound by contractual obligations no less protective than the DPA.
| Sub-processor | Purpose | Data category | Region |
|---|---|---|---|
| Cloudflare, Inc. | Edge hosting (Pages), Pages Functions runtime, D1 (SQLite) tenant storage, R2 (object) storage, KV (key-value) cache, Workers AI, AI Gateway, Email Routing | Marketing data, pilot applications, consent records, hashed IP/UA, Customer Data in scope of Stack Bindings | Global, with EU + UK region pinning available on request |
| GitHub, Inc. (Microsoft) | Source-code hosting, issue tracker, CI runners. No production Customer Data ever flows through GitHub. | Public open-source artefacts only | US, EU (Actions runners on request) |
| Hugging Face | Public open-source artefact mirroring for the KYE Protocol™ Apache 2.0 components only. No customer or pilot data. | Public open-source artefacts only | US / EU |
Notices
Material changes to this list (new sub-processor, change of region, change of category) are announced at least 30 days before the change takes effect. Customers may subscribe to updates by emailing info@kyeprotocol.com with subject “sub-processor watch”.
Customer-side sub-processors
For the Audit Pilot programme, KYE™ typically binds read-only to Customer-operated stacks (IAM/SSO, OAuth/OIDC, API gateway, MCP server, AI-agent framework, workflow engine, SIEM, GRC, policy engine, audit log, data store). Those Customer-operated stacks remain under Customer's control and are not KYE™ sub-processors.