Where your data lives.
kirimana.io is hosted in the European Union. Below: every sub-processor we use, what they process, and where.
Sub-processors
| Provider | Purpose | Region | DPA |
|---|---|---|---|
| Fly.io | Hosting (app + Postgres) | Stockholm (arn) | fly.io/legal/dpa |
| Resend | Transactional email | Multi-region; EU available | resend.com/legal/dpa |
| Anthropic | AI inference (Kiri chat) | US; classification-gated | anthropic.com/legal/dpa |
| GoDaddy | Domain registrar (DNS only) | N/A, no data flows | godaddy.com |
We notify customers of sub-processor changes before they take effect. None of the sub-processors above train their models on the data routed through them — confirmed in their published DPAs.
Data Processing Agreement
For EU enterprise customers we sign a Data Processing Agreement on request — request a copy or pre-signed addendum from enterprise@kirimana.io. Our agreement incorporates each sub-processor's published DPA (linked in the table above) by reference, so the full chain of GDPR Article 28 obligations is traceable end-to-end.
Attestations + reporting
- Built-in generators, Digital Operational Resilience Act (DORA), European Union Artificial Intelligence Act (EU AI Act), General Data Protection Regulation (GDPR)
Contact
/security for vulnerability disclosure · privacy@kirimana.io for privacy queries · enterprise@kirimana.io for DPA + procurement.