Subprocessors
At Owkin, we engage a limited number of carefully vetted third-party service providers (“subprocessors”) to support the delivery, maintenance, and enhancement of our services. Each subprocessor may have access to or process personal data on our behalf in the course of providing its services. We maintain a rigorous due diligence process to assess their technical and organizational measures, ensuring they meet the standards required under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).
This page identifies our current subprocessors, describes the nature of their processing activities and safeguards in place.
Amazon Web Services EMEA SARL (and its approved subprocessors)
Cloud infrastructure, hosting, storage, networking, and related operational services supporting our SaaS platform.
Customer data, including personal data contained in customer accounts and application usage data.
EU (Ireland)
Data Processing Addendum (DPA) in place; certified under ISO 27001, SOC 2, and GDPR-compliant Standard Contractual Clauses (SCCs) for international transfers; CCPA-compliant terms.
Anthropic PBC (via AWS Marketplace)
AI and large language model processing for product features involving natural language understanding and generation.
Text input data submitted by users for AI-based processing.
EU (Ireland) - hosted on AWS infrastructure
DPA and SCCs in place via AWS Marketplace; data access limited to processing context; CCPA-compliant terms.
Qdrant GmbH (via AWS Marketplace)
Managed vector database services for semantic search, embeddings storage, and similarity queries.
Metadata, vector embeddings derived from public data (no raw personal data stored directly).
EU (Ireland) - hosted on AWS infrastructure
DPA in place via AWS Marketplace; GDPR-compliant data transfer mechanisms and SCCs; CCPA-compliant data processing terms.
PostHog Ltd.
Product analytics and usage tracking to improve user experience, feature adoption, and platform performance.
Usage data (e.g., feature interactions, session metadata, device/browser info, timestamps). No customer content or sensitive personal data collected.
EU (Germany, hosted on AWS infrastructure)
GDPR-compliant DPA; SCCs for data transfers outside the EEA; CCPA-compliant processing terms.
Langfuse GmbH
Observability and tracing for AI workflows, including monitoring of model inputs, outputs, and performance metrics.
Application logs, metadata, and pseudonymized user interaction data. No sensitive personal data intentionally processed.
EU (Ireland, hosted on AWS infrastructure)
GDPR-compliant DPA; SCCs for international transfers as applicable; CCPA-compliant terms.
Zendesk, Inc
Customer support, helpdesk, and ticketing platform used to manage and respond to customer service inquiries.
Customer contact information (e.g., name, email), communication content, and related metadata.
US (hosted on AWS infrastructure)
GDPR-compliant DPA and SCCs in place; SOC 2 and ISO 27001 certified; CCPA-compliant data processing terms.
Last updated