Last Updated: March 30, 2023
Sub-processors
ASAPP, Inc. (“ASAPP”) uses certain sub-processors, and content delivery networks to assist it in providing the ASAPP Services.
What is a Sub-processor?
A sub-processor is a third-party data processor engaged by ASAPP, who has or potentially will have access to or process customer data (which may contain personal data). ASAPP engages different types of sub-processors to perform various functions as explained in the tables below.
Due Diligence
ASAPP undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process customer data.
Contractual Safeguards
ASAPP executes an agreement with our Subprocessors, including but not limited to the requirements to:
- Restrict the Subprocessors’ access to customer data only to what is necessary to assist ASAPP in providing or maintaining the ASAPP Services, and prohibit the Subprocessor from accessing customer data for any other purpose
- In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws
- Make clear that ASAPP will remain responsible for its compliance with the obligations of any applicable agreements between us and our customers and for any acts or omissions of the Subprocessor that cause ASAPP to breach any of its obligations under those agreements
- Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which ASAPP is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on ASAPP’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification ASAPP reserves the right to audit the sub-processor
- Promptly inform ASAPP about any actual or potential security breach and cooperate with ASAPP in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable
The information below is a list of third-party sub-processors, and content delivery networks used by ASAPP as of the date of this policy (which ASAPP may use in the delivery and support of its Services).
Sub-processors—Service Data Storage and Processing
ASAPP owns or controls access to the infrastructure that ASAPP uses to host and process customer data submitted to the ASAPP Services, other than as set forth herein. Currently, the ASAPP production systems used for hosting customer data for the ASAPP Services are located in co-location facilities in the United States and Europe and in the infrastructure sub-processors listed below.
| Sub-processor | Services Provided | Actual Location of Processing | Link to Security Policy |
| ASAPP SAS Ltd. (Argentina) | Employees of ASAPP’s wholly owned subsidiary located in Argentina who perform engineering and development services | Argentina | No link To be provided by Processor |
| ASAPP Limited (UK) | Employees of ASAPP’s wholly owned subsidiary located in the UK who perform engineering and development services | UK | No link To be provided by Processor |
| ASAPP UY SA (Uruguay) | Employees of ASAPP’s wholly owned subsidiary located in Uruguay who perform engineering and development services | Uruguay | No link To be provided by Processor |
| ASAPP Canada Inc. (Canada) | Employees of ASAPP’s wholly owned subsidiary located in Canada who perform engineering and development services | Uruguay | No link To be provided by Processor |
| ASAPP India(initially through Vistra as EOR) | Employees of ASAPP’s wholly owned subsidiary located in India who perform engineering and development services | India | No link To be provided by Processor |
| ASAPP Employees working remotely | Employees of ASAPP that work remotely (for example while on vacation) | All counties except for any country subject to US OFAC sanctions, or whose laws or general geopolitical environment poses a reasonable risk to the protection of data | No link To be provided by Processor |
| AWS | Hosting services for the ASAPP Platform | US | https://aws.amazon.com/security/ |
| Flexential, Inc. | Colocation services | US | https://www.flexential.com/compliance-certifications-and-attestations |
| TranscribeMe | Speech Transcription Services and UMR data annotation and labeling services | US, Canada, Portugal, UK, Australia, New Zealand | https://www.transcribeme.com/privacy-policy-crowd |
| Sisense | Data analytics | US | https://www.sisense.com/privacy-policy/ |
| Zendesk | Production Incident Reporting | US | https://www.zendesk.com/product/zendesk-security/ |
| Apple Business Chat | Customer Communication | US | https://www.apple.com/privacy/ |
| Google Messaging | Customer Communication | US | https://policies.google.com/privacy |
| Google Cloud Platform | Speech-to-text | US | https://cloud.google.com/security/ |
| Twilio | Sends application texts/SMS for customer configured alerts | US | https://www.twilio.com/legal/privacy |
| Meta Platforms, Inc. | WhatsApp messaging service | US | https://www.whatsapp.com/security |
| Lohika (part of Capgemini Engineering) | Engineering services | US, India | https://capgemini-engineering.com/us/en/privacy-policy |
| Toptal Services | Engineering services | USA, India, Czech Republic | https://www.ltts.com/about-us/quality-enabling-business-excellence https://www.ltts.com/privacy-policy |
| Deel Group | Employer of Record for engineering services | Sri Lanka, Greece | https://www.letsdeel.com/privacy |
| OpenAI | AI training and predictions APIs | US | https://openai.com/privacy/ |
| Surge Labs Inc. | Data Labeling | US | https://www.surgehq.ai/privacy-policy |
| Cohere | Cohere | US | https://cohere.ai/privacy |
| Defined AI | Data Labeling | US | https://www.defined.ai/privacy-policy/ |
| CoreWeave | GPU Processor | US | https://docs.coreweave.com/resources/terms-of-service/security-and-compliance |
| Snowflake | Data warehousing | US | https://www.snowflake.com/product/security-and-trust-center/ |
| Cohere | AI training | US | https://cohere.ai/privacy |
| Cloudflare | Content distribution, web application firewall and DNS services for web traffic transmitted to and from the Services | US | https://www.cloudflare.com/trust-hub/abuse-approach/ |
| Miratech | Engineering Services | USA, Canada, India, Argentina, Uruguay, UK, Spain | https://miratechgroup.com/privacy-notice-terms-of-use/ |
