INDEX / DIRECTORY / KRISPY KREME / V-DIG

Krispy Kreme V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-19
V-DIG Score 0.00 /10 E Krispy Kreme — BDS-1000 128
V-DIG 0.00

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-DIG Domain Audit — Krispy Kreme, Inc. (DNUT)

Audit Phase: V-DIG Research Date: 2026-05-01 Prepared from: Training-data knowledge current to 2026-04; no live web search was conducted. All claims are drawn from publicly reported, verifiable sources known at training cutoff.

Enterprise Technology Stack & Vendor Relationships

Digital Strategy & Technology Platform

Krispy Kreme’s FY2022 and FY2023 Annual Reports on Form 10-K describe a “Hub and Spoke” distribution model underpinned by proprietary logistics and point-of-sale technology as a core strategic asset 1. The company frames digital investment — including e-commerce ordering infrastructure, loyalty programmes, and delivery integrations — as central to its growth strategy, but neither filing names specific software vendors, cloud providers, systems integrators, or cybersecurity suppliers 1. The IPO prospectus (S-1/A, filed June 2021) similarly flags technology investment as a strategic priority without naming individual platform or infrastructure vendors 2.

The company’s Q4 and FY2023 earnings press release references digital sales growth and expansion of online ordering channels but contains no vendor-level technology disclosures 3.

Cybersecurity Incident Disclosure

Krispy Kreme’s FY2023 10-K discloses a material cybersecurity incident: a network disruption affecting online ordering capabilities in the United States beginning in November 2023 and publicly reported in December 2023 1. This disclosure was made pursuant to the SEC’s cybersecurity disclosure rules that became effective December 2023. A corresponding 8-K filing was also made 4. Neither the 10-K nor the 8-K names the incident response firm engaged, the managed security service provider on retainer, or any endpoint, network, or SIEM security vendor involved in detection or remediation 14.

Israeli-Origin Software & Services

No public evidence identified of a named, confirmed licensing, subscription, or integration relationship between Krispy Kreme and any Israeli-origin cybersecurity or enterprise software vendor. Vendor partner and customer announcement pages for Check Point Software 5, SentinelOne 6, Wiz, CyberArk 7, NICE 8, Verint 9, Claroty 10, and Palo Alto Networks were reviewed; none lists Krispy Kreme as a named customer or partner as of training cutoff. No such relationship is disclosed in any SEC filing 12411.

Scale of Dependency

The absence of vendor-level disclosure in SEC filings, the silence of vendor partner announcement pages, and the lack of trade press coverage of named Krispy Kreme technology engagements collectively prevent any determination of whether Israeli-origin software is present in the company’s enterprise stack, or of the depth of any such integration. No Israeli-origin technology embedded in Krispy Kreme’s critical enterprise infrastructure has been identified in available public records 124.

Procurement & Integrator Relationships

No public evidence identified of named systems integrators, digital transformation consultancies, or IT outsourcing partners engaged by Krispy Kreme for major technology programmes. No major IT services firm (including Accenture, Deloitte, Infosys, or Wipro) has published a named Krispy Kreme engagement. Without visible integrator relationships, integrator-mediated deployment of Israeli-origin technology cannot be assessed 1211.

JAB Holding Company Portfolio Context

Krispy Kreme is majority-owned by JAB Holding Company 1213. JAB’s portfolio encompasses large consumer brands including Keurig Dr Pepper, Panera Bread, Pret a Manger, and JDE Peet’s 13. JAB does not publish group-level procurement or enterprise technology details. No evidence in public sources identifies JAB as holding Israeli technology company investments that would implicate Krispy Kreme specifically. Group-level technology contracts, if any, extended downward to Krispy Kreme would not be visible in Krispy Kreme-specific filings 12.

McDonald’s Partnership & Downstream Technology Exposure

In October 2023, Krispy Kreme and McDonald’s Corporation announced a national rollout of Krispy Kreme doughnuts across all US McDonald’s locations 1415. The partnership creates a materially expanded network of Krispy Kreme “Doors” operating within McDonald’s infrastructure. The technology used for in-store ordering, analytics, loss prevention, or inventory management at McDonald’s locations — which may include third-party or Israeli-origin tools operating within McDonald’s own technology estate — is not within the scope of Krispy Kreme’s own disclosures and cannot be attributed to Krispy Kreme’s procurement decisions 114.

Evidence Gaps

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometric Identification

No public evidence identified of Krispy Kreme deploying facial recognition, biometric identification, behavioural analytics, or gait analysis technology in any of its retail, manufacturing, or distribution facilities. No announcements, press releases, investigative reports, or trade coverage connect Krispy Kreme to Israeli-origin retail technology vendors including Trigo 19, BriefCam 20, AnyVision/Oosto 21, or Trax Retail 22.

Predictive Analytics & Workforce Monitoring

No public evidence identified of Krispy Kreme deploying Israeli-origin predictive analytics, sentiment analysis, social media monitoring, or employee surveillance tools, including products from NICE Systems 8 or Verint 9. No workforce monitoring or employee tracking platform vendor has been publicly identified in Krispy Kreme filings or trade reporting.

In-Store Analytics & Loss Prevention

Krispy Kreme operates through a large and growing network of consumer access points including company-owned shops, franchise locations, and third-party “Doors” (including the expanded McDonald’s channel 1415). The technology used for in-store customer analytics or loss prevention at these locations is not publicly disclosed in any available source. Third-party deployment of surveillance or analytics technology — including through McDonald’s or grocery retail host partners — cannot be assessed from Krispy Kreme’s own disclosures 12.

Third-Party & Indirect Deployment

No public evidence identified of Israeli-origin surveillance or analytics technology reaching Krispy Kreme indirectly through managed security services, bundled enterprise SaaS suites, or platform providers 211920221089.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Hyperscaler Relationships

No cloud provider relationship has been publicly confirmed for Krispy Kreme’s enterprise operations. AWS, Microsoft Azure, and Google Cloud all maintain named customer case study libraries for the food and beverage sector; Krispy Kreme does not appear in any of these libraries as of training cutoff 161718. The company’s SEC filings describe technology investment at a high level but name no cloud infrastructure provider 12.

Data Centre Operations in Israel

No public evidence identified of Krispy Kreme operating, leasing, or co-locating data centre or server infrastructure within Israel. Krispy Kreme is a consumer food company with no publicly disclosed presence in Israeli data centre markets 124.

Project Nimbus & Sovereign Cloud Participation

No public evidence identified of any Krispy Kreme participation in Project Nimbus, the Israeli government’s cloud infrastructure programme (contracted to Google Cloud and Amazon Web Services). Krispy Kreme is not a contracting party to that programme and does not operate as a cloud or data infrastructure provider to any government body 1617.

Israeli Franchise Operations — Data Residency

Krispy Kreme operates a franchise in Israel through a local franchisee. Whether that franchisee’s technology infrastructure involves data routing through Israeli state cloud environments or sovereign data platforms is not addressed in any available corporate filing or franchise disclosure document. Krispy Kreme’s corporate filings do not specify data localisation arrangements for individual franchise markets 1223.

Data Sovereignty & Resilience Services

No public evidence identified. Not applicable to Krispy Kreme’s business domain 12.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified of any contract, partnership, memorandum of understanding, or service agreement between Krispy Kreme and the Israeli Ministry of Defence, the Israel Defense Forces, Shin Bet, Mossad, Unit 8200, or any Israeli state intelligence or security body 122425.

Dual-Use Technology Provision

No public evidence identified. Krispy Kreme does not develop, license, or sell technology products. Its commercial products are consumer food items. No reporting, regulatory filing, or NGO investigation identifies any Krispy Kreme product, platform, or data asset as having been adapted or repurposed for military, surveillance, or intelligence applications 2425.

Offensive Cyber & Weapons Technology

No public evidence identified. Krispy Kreme does not develop offensive cyber capabilities, zero-day exploit tools, signals intelligence systems, or digital weapons platforms. This section is not applicable to the company’s business domain 124.

Export Control & Sanctions Exposure

No public evidence identified of any export control review, ITAR or EAR classification proceeding, OFAC sanctions inquiry, or Wassenaar Arrangement compliance matter involving Krispy Kreme’s products or technology 111.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to State Bodies

No public evidence identified of Krispy Kreme providing artificial intelligence, machine learning, computer vision, or autonomous decision-support systems to any Israeli state, military, or security body 122425.

Proprietary AI Platform Development

No public evidence identified of Krispy Kreme developing or operating an AI or machine learning platform at commercial scale. The company’s technology disclosures in SEC filings reference digital ordering, e-commerce, and logistics technology, but do not describe proprietary AI model development, large-scale training data operations, or machine learning infrastructure 12.

Training Data & Population Data

No public evidence identified of any Krispy Kreme AI platform being trained on civilian population data, intercepted communications, biometric datasets, or surveillance-derived data from Israel or any occupied territory 12.

Algorithmic Decision-Making

No public evidence identified of Krispy Kreme deploying algorithmic decision-making systems for pricing, customer screening, or access control that have been the subject of regulatory scrutiny or civil society investigation in any jurisdiction 1223.

Autonomous Systems & Lethality

Not applicable to Krispy Kreme’s business domain 1.

Technology Ecosystem & R&D Footprint

Israeli R&D Centres & Engineering Offices

No public evidence identified of Krispy Kreme operating research and development facilities, engineering offices, innovation labs, venture incubators, or corporate accelerator programmes within Israel. Krispy Kreme’s disclosed R&D activity is focused on food product development — flavour innovation, glazing technology, and dough formulation — conducted primarily at its Winston-Salem, North Carolina headquarters 12.

Acquisitions & Strategic Investments in Israeli Technology

No public evidence identified of Krispy Kreme acquiring or making strategic investments in Israeli-origin technology companies, Israeli venture capital funds, or Israeli university spinouts. Krispy Kreme’s disclosed acquisitions are concentrated in the food and franchising sector, including franchise territory acquisitions and branded donut company integrations in various geographic markets 1212.

JAB Portfolio — Technology Investment Screening

JAB Holding Company’s broader portfolio is concentrated in consumer beverages and food service brands 13. No evidence in public sources identifies JAB as a significant investor in Israeli technology companies or Israeli defence-sector venture funds in a manner that would create a second-order technology linkage to Krispy Kreme specifically 1213.

Patent & Intellectual Property

No public evidence identified of patent portfolios, licensing agreements, co-development arrangements, or academic collaboration between Krispy Kreme and Israeli-domiciled entities or Israeli research institutions (including the Technion, Hebrew University of Jerusalem, or the Weizmann Institute of Science). Krispy Kreme’s patent activity, as reflected in available public records, relates to food processing equipment, glazing machinery design, and consumer packaging 124.

Digital Consumer Ecosystem

Krispy Kreme’s consumer-facing digital ecosystem includes a branded website, mobile loyalty application, and third-party delivery integrations. The privacy policy published on the corporate website describes data collection and third-party sharing practices relevant to consumer data, but does not identify technology platform vendors used in the digital stack 23. No Israeli-origin vendor has been identified in connection with the company’s consumer digital properties.

Civil Society Scrutiny & Regulatory History

NGO & Academic Investigations

No public evidence identified of any published NGO investigation, academic study, shareholder resolution, or UN report specifically addressing Krispy Kreme’s technology relationships with the Israeli state or presence in Israeli-occupied territories in a technology-provision context 26272425.

The UN Human Rights Council’s database of business enterprises with operations in occupied Palestinian territories (most recently updated through 2023) does not list Krispy Kreme 25.

Who Profits Research Center’s corporate database — which tracks companies with economic ties to Israeli settlements and the occupation economy — does not list Krispy Kreme as of available training data 27.

The American Friends Service Committee’s “Investigate” database of companies with US military and Israeli defence-sector contracts does not list Krispy Kreme 24.

Boycott, Divestment & Sanctions (BDS) Activity

No public evidence identified of Krispy Kreme being the subject of an organised BDS campaign specifically directed at technology provision to Israeli state entities or military bodies 26.

Krispy Kreme maintains a franchise presence in Israel, operated under a local franchisee. This commercial presence has been the subject of limited consumer-level social media commentary in the context of broader boycott discourse during the 2023–2025 conflict period. This commentary relates to general consumer brand presence, not technology provision, and falls outside the analytical scope of a V-DIG audit. No formal or organised BDS campaign targeting Krispy Kreme on technology grounds has been identified in any trade press, NGO publication, or activist organisation statement 26.

Regulatory & Legal Actions

No public evidence identified of regulatory inquiries, export control investigations, sanctions-related proceedings, or legal challenges involving Krispy Kreme’s technology sales, licensing, or services in connection with Israeli state entities 1211.

Disclosed regulatory and legal matters in Krispy Kreme’s SEC filings concern employment disputes, franchise contractual matters, and the November 2023 cybersecurity incident 14. The cybersecurity incident prompted SEC disclosure obligations under rules effective December 2023 14; it has no connection to Israeli technology export or sanctions matters. The company’s proxy statement (DEF 14A, 2023) addresses executive compensation and board governance matters with no technology-export or defence-sector disclosures 11.

Data Privacy Regulatory Exposure

Krispy Kreme’s published privacy policy describes data collection, use, and sharing practices applicable to US consumers 23. No data protection enforcement action or privacy regulator investigation involving Krispy Kreme has been identified in available public records. The Israeli franchise’s data processing practices under Israeli privacy law are not addressed in corporate-level disclosures 23.

End Notes

Footnotes

  1. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001857202&type=10-K&dateb=&owner=include&count=40 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  2. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001857202&type=S-1&dateb=&owner=include&count=40 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  3. https://investors.krispykreme.com/news-releases/news-release-details/krispy-kreme-reports-fourth-quarter-and-full-year-2023-results

  4. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001857202&type=8-K&dateb=&owner=include&count=40 2 3 4 5 6 7 8 9

  5. https://www.checkpoint.com/press/

  6. https://www.sentinelone.com/press/

  7. https://www.cyberark.com/resources/

  8. https://www.nice.com/resources/case-studies 2 3

  9. https://www.verint.com/resources/case-studies/ 2 3

  10. https://claroty.com/resources/case-studies 2

  11. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001857202&type=DEF+14A&dateb=&owner=include&count=40 2 3 4 5

  12. https://www.bloomberg.com/news/articles/2021-07-01/krispy-kreme-ipo-prices-at-17-a-share-values-chain-at-2-9-billion 2 3

  13. https://www.jabholco.com/our-companies 2 3 4

  14. https://corporate.mcdonalds.com/corpmcd/en-us/our-stories/article/ourstories.krispy-kreme-expansion.html 2 3

  15. https://www.reuters.com/business/retail-consumer/krispy-kreme-sell-doughnuts-all-mcdonalds-us-locations-2023-10-26/ 2

  16. https://aws.amazon.com/industries/food-beverage/ 2 3

  17. https://cloud.google.com/customers 2 3

  18. https://azure.microsoft.com/en-us/industries/consumer-goods/ 2

  19. https://www.trigoretail.com/customers 2

  20. https://www.briefcam.com/customers/ 2

  21. https://oosto.com/resources/ 2

  22. https://traxretail.com/resources/ 2

  23. https://www.krispykreme.com/privacy-policy 2 3 4 5

  24. https://investigate.afsc.org/ 2 3 4 5 6

  25. https://www.ohchr.org/en/hr-bodies/hrc/regular-sessions/session46/list-of-business-entities 2 3 4 5

  26. https://bdsmovement.net/act/action-alerts 2 3

  27. https://whoprofits.org/companies/ 2