5 Total
0 High severity
5 Medium severity
0 Low severity
Summary

This is Snowflake's publicly published list of sub-processors and affiliates, identifying the third-party companies and Snowflake group entities authorized to process customer data as part of delivering Snowflake's cloud data platform. The document discloses each sub-processor's name, the service category they perform (such as cloud infrastructure, customer support tooling, or security operations), and the country or region where data processing occurs. Enterprise customers who have signed a Data Processing Addendum with Snowflake may have contractual rights to object to new sub-processors or to receive advance notice of changes to this list, though those rights are governed by the DPA rather than by this list itself.

Technical / Legal Breakdown

This document is Snowflake's Sub-processors and Affiliates list, published under Snowflake's legal and privacy framework, disclosing the third-party entities and Snowflake-affiliated companies authorized to process customer data in connection with Snowflake's cloud data platform services. The document identifies sub-processors by name, category of service performed, and data processing location, fulfilling disclosure obligations asserted under data processing agreements between Snowflake and its enterprise customers. The list is structured to satisfy controller-to-processor transparency requirements under GDPR Article 28, which mandates that processors disclose sub-processor identities and obtain controller authorization before engaging sub-processors; the document does not itself specify the contractual mechanisms or objection timelines Snowflake employs when adding new sub-processors, which are typically addressed in the governing Data Processing Addendum (DPA) rather than this list. This document primarily engages GDPR and UK GDPR sub-processor notification obligations, and may also interact with CCPA/CPRA service provider disclosure requirements applicable to California-based customers; the precise compliance obligations depend on the governing contract, the customer's jurisdiction, and whether the customer qualifies as a GDPR controller or CCPA business. Enterprise customers with contractual audit rights or sub-processor objection rights under their DPAs should treat this list as a trigger document for data mapping reviews and vendor assessments.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Get Compliance
Medium — 5 provisions

Monitoring

Snowflake has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Get Compliance

Cross-platform context

See how other platforms handle Cloud Infrastructure Sub-processor Authorization and similar clauses.

Compare across platforms →
Archival ProvenanceSource & Archival Record
Last Captured July 6, 2026 22:44 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000936
Version ID CA-V-004533
SHA-256 78a6e16dd3159fc2d602a3ee1c68e30dd1fd4b2c775842c21d2702f594f4f363
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans