Track 3 platforms and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Snowflake's publicly published list of sub-processors and affiliates, identifying the third-party companies and Snowflake group entities authorized to process customer data as part of delivering Snowflake's cloud data platform. The document discloses each sub-processor's name, the service category they perform (such as cloud infrastructure, customer support tooling, or security operations), and the country or region where data processing occurs. Enterprise customers who have signed a Data Processing Addendum with Snowflake may have contractual rights to object to new sub-processors or to receive advance notice of changes to this list, though those rights are governed by the DPA rather than by this list itself.
This document is Snowflake's Sub-processors and Affiliates list, published under Snowflake's legal and privacy framework, disclosing the third-party entities and Snowflake-affiliated companies authorized to process customer data in connection with Snowflake's cloud data platform services. The document identifies sub-processors by name, category of service performed, and data processing location, fulfilling disclosure obligations asserted under data processing agreements between Snowflake and its enterprise customers. The list is structured to satisfy controller-to-processor transparency requirements under GDPR Article 28, which mandates that processors disclose sub-processor identities and obtain controller authorization before engaging sub-processors; the document does not itself specify the contractual mechanisms or objection timelines Snowflake employs when adding new sub-processors, which are typically addressed in the governing Data Processing Addendum (DPA) rather than this list. This document primarily engages GDPR and UK GDPR sub-processor notification obligations, and may also interact with CCPA/CPRA service provider disclosure requirements applicable to California-based customers; the precise compliance obligations depend on the governing contract, the customer's jurisdiction, and whether the customer qualifies as a GDPR controller or CCPA business. Enterprise customers with contractual audit rights or sub-processor objection rights under their DPAs should treat this list as a trigger document for data mapping reviews and vendor assessments.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Get ComplianceMonitoring
Snowflake has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Get ComplianceCross-platform context
See how other platforms handle Cloud Infrastructure Sub-processor Authorization and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.