diff --git a/customHttp.yml b/customHttp.yml index b1958338..352aa678 100644 --- a/customHttp.yml +++ b/customHttp.yml @@ -5,13 +5,13 @@ customHeaders: value: >- default-src 'self' *.kinde.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src - https://www.youtube-nocookie.com; child-src 'self'; connect-src 'self' - ws https://api.management.inkeep.com https://api.inkeep.com - wss://api.inkeep.com https://api.hsforms.com https://app.kinde.com - https://kinde.com https://kinde-api-docs-proxy.pages.dev - https://analytics.usehall.com; base-uri - 'none'; font-src 'self' https://fonts.gstatic.com; img-src 'self' - data: https://storage.googleapis.com https://imagedelivery.net + https://www.youtube-nocookie.com; child-src 'self'; + connect-src 'self' wss: https://api.management.inkeep.com + https://api.inkeep.com wss://api.inkeep.com https://api.hsforms.com + https://app.kinde.com https://kinde.com + https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com; + base-uri 'none'; font-src 'self' https://fonts.gstatic.com; img-src + 'self' data: https://storage.googleapis.com https://imagedelivery.net https://customer-xcbruusbiervz265.cloudflarestream.com https://i.ytimg.com; media-src 'self' https://customer-xcbruusbiervz265.cloudflarestream.com @@ -46,7 +46,8 @@ customHeaders: 'sha256-w78n7W12c94ck4KhBCBA4NrjqkbDvSutqee+u+no0Tg=' 'sha256-/4BQzbQ0kgR1l13wtSM3rZ7nSvyV3PX/ShEfhZA1WoQ=' 'sha256-zB5rUhTjHzt+r/RjhhI8CyMb5Y63k+J7ICVfQ7iHJqA=' - 'sha256-fFmtUWM/kGeUru+1rcCArLmnXKoEjis5I/dYQkZA+HM=' 'self' + 'sha256-fFmtUWM/kGeUru+1rcCArLmnXKoEjis5I/dYQkZA+HM=' + 'sha256-13ENHEoc4foVPMgYwApSstLrIGX/6Y5xvroD2DkDFcE=' 'self' widgets.kinde.com kinde.com https://cdn.jsdelivr.net/npm/@scalar/api-reference@1.23.5/dist/browser/standalone.min.js - key: Strict-Transport-Security @@ -76,11 +77,11 @@ customHeaders: https://cdn.jsdelivr.net/npm/@scalar/api-reference@1.23.5/dist/browser/standalone.min.js 'unsafe-inline' 'self' widgets.kinde.com kinde.com; font-src https://fonts.scalar.com 'self' https://fonts.gstatic.com; connect-src - 'self' ws https://api.management.inkeep.com https://api.inkeep.com + 'self' wss: https://api.management.inkeep.com https://api.inkeep.com wss://api.inkeep.com https://api.hsforms.com https://app.kinde.com https://kinde.com https://api-spec.kinde.com - https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com; img-src - https://storage.googleapis.com + https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com; + img-src https://storage.googleapis.com - pattern: /kinde-apis/frontend/* headers: - key: Content-Security-Policy @@ -90,8 +91,8 @@ customHeaders: https://cdn.jsdelivr.net/npm/@scalar/api-reference@1.23.5/dist/browser/standalone.min.js 'unsafe-inline' 'self' widgets.kinde.com kinde.com; font-src https://fonts.scalar.com 'self' https://fonts.gstatic.com; connect-src - 'self' ws https://api.management.inkeep.com https://api.inkeep.com + 'self' wss: https://api.management.inkeep.com https://api.inkeep.com wss://api.inkeep.com https://api.hsforms.com https://app.kinde.com https://kinde.com https://api-spec.kinde.com - https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com; img-src - https://storage.googleapis.com + https://kinde-api-docs-proxy.pages.dev https://analytics.usehall.com; + img-src https://storage.googleapis.com diff --git a/src/components/SubProcessorsForm.astro b/src/components/SubProcessorsForm.astro new file mode 100644 index 00000000..ff399e0b --- /dev/null +++ b/src/components/SubProcessorsForm.astro @@ -0,0 +1,604 @@ +--- +// Astro component for interactive sub-processors form +--- + +
+
+

Configure your Kinde setup

+ + + + + + + + +
+ +
+ + +
+ 		+ +
+ + + + + +
+ 		+ +
+ + +
+ 		+ +
+ + +
+
+
+ + +
+ + \ No newline at end of file diff --git a/src/content/docs/trust-center/privacy-and-compliance/sub-processors-interactive.mdx b/src/content/docs/trust-center/privacy-and-compliance/sub-processors-interactive.mdx new file mode 100644 index 00000000..b9eebccc --- /dev/null +++ b/src/content/docs/trust-center/privacy-and-compliance/sub-processors-interactive.mdx @@ -0,0 +1,53 @@ +--- +page_id: 9812b3a4-9368-4c26-aaba-6686cd47610a +title: Sub-processors - Interactive +description: "Interactive tool to view relevant sub-processors based on your Kinde configuration including data region, services used, and email provider." +sidebar: + order: 5 +relatedArticles: + - 9aca52ac-b374-4dce-b1fe-460df48f0f86 +topics: + - "trust-center" + - "privacy-and-compliance" + - "data-processing" +sdk: null +languages: null +audience: + - "business-owners" + - "admins" + - "legal" + - "compliance" +complexity: "beginner" +keywords: + - "sub-processors" + - "data processing" + - "privacy" + - "GDPR" + - "DPA" + - "third-party services" + - "interactive" + - "configuration" +updated: "2024-08-02" +featured: false +deprecated: false +ai_summary: "Interactive tool to view relevant sub-processors based on your Kinde configuration including data region, services used, and email provider." +--- + +import SubProcessorsForm from '../../../../components/SubProcessorsForm.astro'; + +Please refer to the [sub-processors](/trust-center/privacy-and-compliance/sub-processors/) page for a comprehensive list of sub-processors, more information about how we use them, and how to request a Data Processing Agreement (DPA). + +Use the form below to see only the sub-processors relevant to your specific Kinde business. + + + +## About this tool + +This interactive tool helps you identify which sub-processors are relevant to your specific Kinde business. The URL can be bookmarked for future reference. + +The results are filtered based on: + +- **Data Region**: The region where your Kinde instance is hosted +- **Services Used**: Which Kinde services you're actively using +- **Email Provider**: Whether you're using Kinde's default email service or your own [custom SMTP provider](/get-started/connect/customize-email-sender) +- **SMS Provider**: Whether you're using Kinde's default SMS service or your own [custom SMS provider](/authenticate/authentication-methods/phone-authentication/) diff --git a/src/content/docs/trust-center/privacy-and-compliance/sub-processors.mdx b/src/content/docs/trust-center/privacy-and-compliance/sub-processors.mdx index 3517f62a..6781fb3a 100644 --- a/src/content/docs/trust-center/privacy-and-compliance/sub-processors.mdx +++ b/src/content/docs/trust-center/privacy-and-compliance/sub-processors.mdx @@ -6,6 +6,7 @@ sidebar: order: 3 relatedArticles: - 58403493-55f6-423c-9464-ccd6e21ef2f7 + - 9812b3a4-9368-4c26-aaba-6686cd47610a topics: - "trust-center" - "privacy-and-compliance" @@ -40,19 +41,28 @@ If you have signed a Data Processing Agreement (DPA) with Kinde, we will notify Last update to the sub-processors for the external users is August 11, 2025. + + ## Sub-Processors for external users - Authentication External users are customers of Kinde’s customers. -Kinde will share external user personal information to the following third parties to facilitate authentication and customer support. For public cloud hosting and webhooks, the location is directly aligned only with the customer’s selected Kinde region. +Kinde will share external user personal information to the following third parties to facilitate authentication and customer support. For public cloud hosting, SMS services, and webhooks, the location is directly aligned only with the customer’s selected Kinde region. -Email services: If you are using your own custom SMTP provider to send emails via Kinde, AWS for email services is not a sub-processor. +Email services: If you are using your own [custom SMTP provider](/get-started/connect/customize-email-sender) to send emails via Kinde, AWS for email services is not a sub-processor. + +SMS services: If you are using your own [custom SMS provider](/authenticate/authentication-methods/phone-authentication/) to send SMS via Kinde, AWS for SMS services is not a sub-processor. Customer support: We do not recommend sending external user personal information, such as their email, in our support conversations, however we acknowledge that this may happen. All customer support tools, whether you interact with them or not, and their location of processing are listed. | Service provider | Entity type | Link | Location | | ---------------- | -------------------- | -------------------------------------------------------------- | --------------------------------------------------------- | | AWS | Public cloud hosting | [https://aws.amazon.com](https://aws.amazon.com/) | Australia, Canada, Ireland, United Kingdom, United States | +| AWS | SMS services | [https://aws.amazon.com](https://aws.amazon.com/) | Australia, Canada, Ireland, United Kingdom, United States | | AWS | Email services | [https://aws.amazon.com](https://aws.amazon.com/) | Australia | | Temporal | Webhooks | [https://temporal.io](https://temporal.io/) | Australia, Canada, Ireland, United Kingdom, United States | | Discord | Customer support | [https://discord.com/](https://discord.com/) | United States | @@ -66,15 +76,18 @@ Customer support: We do not recommend sending external user personal information External users are customers of Kinde’s customers. -Kinde will share external user personal information to the following third parties to facilitate billing and customer support. For public cloud hosting and webhooks, the location is directly aligned only with the customer’s selected Kinde region. +Kinde will share external user personal information to the following third parties to facilitate billing and customer support. For public cloud hosting, SMS services, and webhooks, the location is directly aligned only with the customer’s selected Kinde region. + +Email services: If you are using your own [custom SMTP provider](/get-started/connect/customize-email-sender) to send emails via Kinde, AWS for email services is not a sub-processor. -Email services: If you are using your own custom SMTP provider to send emails via Kinde, AWS for email services is not a sub-processor. +SMS services: If you are using your own [custom SMS provider](/authenticate/authentication-methods/phone-authentication/) to send SMS via Kinde, AWS for SMS services is not a sub-processor. Customer support: We do not recommend sending external user personal information, such as their email, in our support conversations, however we acknowledge that this may happen. All customer support tools, whether you interact with them or not, and their location of processing are listed. | Service provider | Entity type | Link | Location | | ---------------- | --------------------- | -------------------------------------------------------------- | --------------------------------------------------------- | | AWS | Public cloud hosting | [https://aws.amazon.com](https://aws.amazon.com/) | Australia, Canada, Ireland, United Kingdom, United States | +| AWS | SMS services | [https://aws.amazon.com](https://aws.amazon.com/) | Australia, Canada, Ireland, United Kingdom, United States | | AWS | Email services | [https://aws.amazon.com](https://aws.amazon.com/) | Australia | | Stripe | Billing and invoicing | [https://stripe.com](https://stripe.com/) | United States | | Temporal | Webhooks | [https://temporal.io](https://temporal.io/) | Australia, Canada, Ireland, United Kingdom, United States |