Track 3 platforms and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Anthropic's subprocessor list, disclosing the third-party companies that handle data as part of delivering Claude and related products. The most operationally significant disclosure is that Google Cloud Platform, Amazon Web Services, and Microsoft Azure all serve as cloud infrastructure subprocessors for all Anthropic products, with worldwide processing locations, meaning customer data may be processed across multiple global regions by all three major cloud providers simultaneously. Stripe processes billing data for Claude Pro/Max, Claude Developer Platform, and Claude for Work in the United States, while WorkOS handles single sign-on and security for Claude for Work and the Developer Platform, also in the United States.
This document is Anthropic's publicly disclosed subprocessor list, published on the Anthropic Trust Center, identifying the third-party vendors that process data on behalf of Anthropic across its product lines including Claude Pro/Max, Claude Developer Platform, Claude for Work, and Claude for Government. The list discloses each subprocessor's name, functional category (e.g., cloud infrastructure, billing, user support, identity verification), geographic processing location, and the specific Anthropic products to which each subprocessor applies. Notably, the list distinguishes subprocessors by product scope, with some vendors such as Google Cloud Platform, Amazon Web Services, Microsoft Azure, and Cloudflare applying to all products, while others such as Stripe (billing), WorkOS (SSO), Intercom (user support), and Nutun (trust and safety) are scoped to specific product tiers; the exclusion of Intercom from Claude for Government is an operationally distinct carve-out that suggests differentiated data handling for government deployments. The subprocessor disclosure framework engages GDPR Article 28 requirements for controller-processor agreements and subprocessor notification obligations, as well as CCPA service provider disclosure norms, and organizations subject to FedRAMP, ITAR, or sector-specific data residency requirements should evaluate the worldwide processing locations listed for cloud infrastructure subprocessors. Compliance teams should note that the document does not disclose the contractual terms governing each subprocessor relationship, the specific data categories transferred to each vendor, or the legal mechanisms used for international data transfers, which represent standard due diligence gaps when assessing GDPR adequacy and SCCs applicability.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Get ComplianceMonitoring
Anthropic has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Get ComplianceCross-platform context
See how other platforms handle Cloud Infrastructure Subprocessors (Worldwide Scope) and similar clauses.
Compare across platforms →Anthropic is more transparent than most AI companies about data retention. Here's exactly what happens when you delete your data, and how t…
Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.