TALK TO US RAISEOS BY KLUB.AI — SUB-PROCESSOR POLICY
Purpose
This policy explains how RaiseOS selects, contracts, manages and notifies Customers about sub-processors that support the RaiseOS Agentic AI SaaS service.
Scope
Applies to third-party service providers that process personal data on RaiseOS’s behalf. It does not cover independent third-party tools that a Customer connects directly (those have their own terms and privacy policies).
Onboarding and due diligence
We assess each sub-processor’s service description, data categories, locations and transfer mechanisms, security measures, subcontracting, operational resilience and compliance posture before engagement.
Contractual requirements
We require written terms covering:
- Documented instructions and data-use restrictions
- Confidentiality and information security obligations
- Assistance with data protection and regulatory requests
- Restrictions on onward processing
- Deletion or return of data upon exit
- Assurance reporting and breach notification duties
International transfers
Where a sub-processor processes personal data outside the originating jurisdiction, RaiseOS implements recognised safeguards (e.g., adequacy, standard contractual clauses) and maintains transfer assessments where required.
Change management and notice
We maintain this public Sub-processor Register and will provide at least 30 days’ advance notice before adding or replacing a sub-processor that materially affects Customer personal data. In urgent cases, temporary changes may be made with notice provided as soon as practicable.
Customer objections
Customers may send reasonable, specific objections within the notice window to privacy@klub.ai. We will provide relevant information, propose alternatives where feasible, or allow termination of the affected component if unresolved.
Incident management
Sub-processors must notify RaiseOS without undue delay of personal-data breaches affecting services they provide to RaiseOS. RaiseOS will notify Customers in line with its Data Processing Addendum (DPA) and applicable laws.
SUB-PROCESSOR REGISTER (TEMPLATE)
| Category | Provider | Purpose | Data types | Primary region(s) |
|---|---|---|---|---|
| Cloud infrastructure | [CloudCo] | Compute, storage, networking | Customer Content; telemetry; logs | UAE (me-central-1) |
| Email/ingestion | [MailIngest] | Inbound parsing/relay | File metadata; contact data | [region] |
| Analytics/monitoring | [ObservabilityCo] | Logs, metrics, alerting | Pseudonymised telemetry; error data | [region] |
| Support tooling | [SupportDesk] | Ticketing and support communications | Contact info; ticket content | [region] |
| Backup/DR | [BackupCo] | Encrypted backups and restores | Encrypted snapshots | [region] |
| Error tracking | [ErrorTrackCo] | Exception tracking | Pseudonymised error events | [region] |
Change notice window: 30 days
Register contact: privacy@klub.ai
Last updated: 01-Oct-2025 • Version: v1.0
