Sub-processors
Last updated: 2026-05-30
Kolega uses the third-party processors listed below to operate the Service. Each one is named so you know exactly where personal data goes. This list is referenced by the Privacy Policy and the Data Processing Agreement; it is the authoritative, current list of sub-processors.
| Sub-processor | Purpose | Location | Transfer basis |
|---|---|---|---|
| Stripe Payments Europe | Billing and card payments. Kolega never sees or stores card details. | Ireland / United States | Standard Contractual Clauses |
| Brevo (Sendinblue SAS) | Transactional email — verification, password reset, escalation and report notifications. | France (EU) | Within EEA |
| OpenAI | LLM inference and text embeddings, when the workspace is configured to use an OpenAI model. Enterprise terms prohibit training on customer data. | United States | Standard Contractual Clauses |
| Self-hosted local model | LLM inference on Kolega-operated infrastructure. No personal data is transmitted to an external LLM provider. A workspace using only this model has no external LLM sub-processor. | EU (Kolega infrastructure) | Within EEA |
| Hetzner Online GmbH | Application servers and the PostgreSQL database that store workspace data. | Germany (EU) | Within EEA |
Which LLM applies to your workspace
The model a given agent uses is shown in your dashboard under that agent. A workspace can be configured to run entirely on the self-hosted local model, in which case no conversation data reaches an external LLM provider.
Changes and notice
We notify customers of material changes to this list — a new sub-processor, or an existing one taking on a new category of data — through the dashboard at least fourteen days before the change takes effect, so you have time to object as provided in the Data Processing Agreement. To be notified by email instead, write to pozdrav@kolega.hr.