Subprocessors

Effective: April 1st, 2025
AppZen, Inc. (“AppZen”) uses certain Subprocessors (including AppZen affiliates and third-parties, as listed below), when providing its cloud service under the AppZen Master Services Agreement made available at https://www.appzen.com/services-agreement/ (“MSA”). Defined terms used herein shall have the same meaning as defined in the MSA.
What is a Subprocessor?
A Subprocessor is a third-party engaged by AppZen, who has access to, or processes, Customer data (which may contain Personal Data) (“Customer Data”). AppZen engages different Subprocessors to perform the various functions as explained below.
Due Diligence
AppZen performs a due diligence review on the data privacy and security posture of potential Subprocessors prior to engagement. Our activities are designed to ensure that processing of Customer Data is only performed by entities with sufficient ability to meet data protection obligations.
Contractual Safeguards
AppZen requires its Subprocessors to satisfy equivalent obligations as those required from AppZen (as a Data Processor) as set forth in AppZen’s Data Processing Agreement (“DPA”), including but not limited to the requirements to:
- process Personal Data in accordance with the data controller’s (i.e. Customer’s) documented instructions (as communicated in writing to the relevant Subprocessor by AppZen);
- in connection with their subprocessing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security measures, to the extent applicable, pursuant to applicable data protection laws;
- provide regular training in security and data protection to personnel who have been granted access to Personal Data;
- implement and maintain appropriate technical and organizational measures (including measures consistent with those to which AppZen is contractually committed to adhere insofar as they are equally relevant to the Subprocessor’s processing of Personal Data on AppZen’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification, AppZen reserves the right to audit the Subprocessor;
- promptly inform AppZen about any actual or potential security breach; and
- cooperate with AppZen to deal with requests from data controllers, data subjects or data protection authorities, as applicable.
Infrastructure Subprocessors
Customer Data is stored in either the US or Europe unless it is agreed by Customer and AppZen to move the location of where Customer Data is stored. Processing may take place in different data centers within a region to ensure performance and availability of the cloud service and outside the region for support purposes.
Below is a list of AppZen’s Subprocessors:
Entity name |
Applicable AppZen services |
Entity countries |
Purpose |
Amazon Web Services, Inc. |
AppZen cloud service |
United States or Europe |
Cloud infrastructure and hosting services |
AppZen Labs India Private Limited (AppZen’s wholly owned subsidiary) |
AppZen cloud service |
India |
Data research, engineering, support and data labeling |
Google, LLC and its affiliates |
AppZen cloud service |
United States or Europe |
Cloud infrastructure and hosting services, AI and document understanding services |
Heap, Inc. |
AppZen cloud service |
United States or Europe |
Usage analytics |
Microsoft Corporation and its affiliates |
AppZen cloud service |
United States or Europe |
Cloud infrastructure and hosting services, AI and document understanding services |
Okta, Inc. |
AppZen cloud service |
United States |
Single sign on |
Zendesk, Inc. |
AppZen support services |
United States |
Support ticketing system |