skip to Main Content
Investment News:

Last Updated: October 12, 2022

Sub-processors

ASAPP, Inc. (“ASAPP”) uses certain sub-processors, and content delivery networks to assist it in providing the ASAPP Services.

What is a Sub-processor?

A sub-processor is a third-party data processor engaged by ASAPP, who has or potentially will have access to or process customer data (which may contain personal data). ASAPP engages different types of sub-processors to perform various functions as explained in the tables below.

Due Diligence

ASAPP undertakes to use a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to or process customer data.

Contractual Safeguards

ASAPP executes an agreement with our Subprocessors, including but not limited to the requirements to:

  • Restrict the Subprocessors’ access to customer data only to what is necessary to assist ASAPP in providing or maintaining the ASAPP Services, and prohibit the Subprocessor from accessing customer data for any other purpose
  • In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws
  • Make clear that ASAPP will remain responsible for its compliance with the obligations of any applicable agreements between us and our customers and for any acts or omissions of the Subprocessor that cause ASAPP to breach any of its obligations under those agreements
  • Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which ASAPP is contractually committed to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on ASAPP’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification ASAPP reserves the right to audit the sub-processor
  • Promptly inform ASAPP about any actual or potential security breach and cooperate with ASAPP in order to deal with requests from data controllers, data subjects or data protection authorities, as applicable

The information below is a list of third-party sub-processors, and content delivery networks used by ASAPP as of the date of this policy (which ASAPP may use in the delivery and support of its Services).

Sub-processors—Service Data Storage and Processing

ASAPP owns or controls access to the infrastructure that ASAPP uses to host and process customer data submitted to the ASAPP Services, other than as set forth herein. Currently, the ASAPP production systems used for hosting customer data for the ASAPP Services are located in co-location facilities in the United States and Europe and in the infrastructure sub-processors listed below.

Sub-processor Services Provided Actual Location of Processing Link to Security Policy
ASAPP SAS Ltd. (Argentina) Employees of ASAPP’s wholly owned subsidiary located in Argentina who perform engineering and development services Argentina No link
To be provided by Processor
ASAPP Limited (UK) Employees of ASAPP’s wholly owned subsidiary located in the UK who perform engineering and development services UK No link
To be provided by Processor
ASAPP UY SA (Uruguay) Employees of ASAPP’s wholly owned subsidiary located in Uruguay who perform engineering and development services Uruguay No link
To be provided by Processor
ASAPP Canada Inc. (Canada) Employees of ASAPP’s wholly owned subsidiary located in Canada who perform engineering and development services Uruguay No link
To be provided by Processor
ASAPP India(initially through Vistra as EOR) Employees of ASAPP’s wholly owned subsidiary located in India who perform engineering and development services India No link
To be provided by Processor
ASAPP Employees working remotely Employees of ASAPP that work remotely (for example while on vacation) All counties except for any country subject to US OFAC sanctions, or whose laws or general geopolitical environment poses a reasonable risk to the protection of data No link
To be provided by Processor
AWS Hosting services for the ASAPP Platform US https://aws.amazon.com/security/
Flexential, Inc. Colocation services US https://www.flexential.com/compliance-certifications-and-attestations
TranscribeMe Speech Transcription Services and UMR data annotation and labeling services US, Canada, Portugal, UK, Australia, New Zealand https://www.transcribeme.com/privacy-policy-crowd
Sisense Data analytics US https://www.sisense.com/privacy-policy/
Zendesk Production Incident Reporting US https://www.zendesk.com/product/zendesk-security/
Apple Business Chat Customer Communication US https://www.apple.com/privacy/
Google Messaging Customer Communication US https://policies.google.com/privacy
Google Cloud Platform Speech-to-text US https://cloud.google.com/security/
Twilio Sends application texts/SMS for customer configured alerts US https://www.twilio.com/legal/privacy
Meta Platforms, Inc. WhatsApp messaging service US https://www.whatsapp.com/security
Lohika (part of Capgemini Engineering) Engineering services US, Poland, India https://capgemini-engineering.com/us/en/privacy-policy/
Toptal Services Engineering services US, Poland, India https://www.ltts.com/about-us/quality-enabling-business-excellence
https://www.ltts.com/privacy-policy
Deel Group Employer of Record for engineering services Sri Lanka https://www.letsdeel.com/privacy
TaskUs Data Annotation US, Taiwan, Philippines, India, Mexico, Columbia, Japan, Malaysia, Ireland, Greece https://www.taskus.com/security/
Vistra Employer of Record for R&D services Greece https://www.vistra.com/governance-risk-compliance
EC Innovations Data Annotation US https://www.ecinnovations.com/Privacy_Policy/
OpenAI AI training and predictions APIs US https://openai.com/privacy/
Scale AI Data Labeling USA, Canada, UK, Australia, New Zealand, Portugal, Taiwan, Philippines, Mexico, Columbia, Malaysia, Spain, Japan, Ireland, India https://scale.com/legal/security
Surge Labs Inc. Data Labeling USA, Canada, UK, Australia, New Zealand, Portugal, Taiwan, Philippines, Mexico, Columbia, Malaysia, Spain, Japan, Ireland, India https://surgelabs.com/privacy-policy/
Cohere AI training US https://cohere.ai/privacy
Defined AI Data Labeling USA, Canada, UK, Australia, New Zealand, Portugal, Taiwan, Philippines, Mexico, Columbia, Malaysia, Spain, Japan, Ireland, India https://www.defined.ai/privacy-policy/
Back To Top