Snowflake · Snowflake Sub-Processors · View original document ↗

Snowflake Affiliate Inclusion as Sub-processors

Medium severity Medium confidence Inferredfromcontext Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Snowflake recorded 7 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Snowflake Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

The document includes Snowflake's own affiliated group entities alongside third-party sub-processors, disclosing that Snowflake affiliates may also process customer data as part of service delivery.

This analysis describes what Snowflake's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision establishes that intra-group data transfers within the Snowflake corporate family are subject to the same sub-processor framework as third-party vendor transfers, which is a GDPR Article 28 compliance requirement and creates separate due diligence obligations for customers assessing the full scope of entities handling their data.

Interpretive note: The specific affiliates listed and their processing locations were not fully extractable from the truncated document source.

Consumer impact (what this means for users)

The document establishes that Snowflake affiliates, in addition to third-party vendors, are authorized to process customer data, meaning enterprise customers must account for intra-group transfers as part of their data mapping and transfer mechanism assessments.

Cross-platform context

See how other platforms handle Snowflake Affiliate Inclusion as Sub-processors and similar clauses.

Compare across platforms →

Monitoring

Snowflake has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Inclusion of group affiliates as sub-processors engages GDPR Article 28 obligations, which apply equally to intra-group and third-party processing relationships. Where affiliates are located in non-EEA countries, intra-group transfers must be covered by Standard Contractual Clauses, Binding Corporate Rules, or another approved mechanism. The UK GDPR applies equivalent requirements for transfers involving UK personal data. Enforcement authority rests with the relevant EU supervisory authority and the UK ICO. (2) GOVERNANCE EXPOSURE: Medium. Customers may assume that intra-Snowflake processing is limited to the contracting entity, but affiliate inclusion establishes a broader processing footprint. Compliance teams should verify that Snowflake's DPA covers affiliate processing and that any intra-group international transfers are supported by adequate transfer mechanisms, including assessment of whether Snowflake's Binding Corporate Rules or SCCs cover the affiliate entities listed. (3) JURISDICTION FLAGS: EU and UK customers face the primary exposure where affiliates are located in non-adequate jurisdictions such as the United States. Customers in sectors with strict data localization requirements should assess whether affiliate processing locations are consistent with their contractual and regulatory obligations. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should confirm that their DPA with Snowflake explicitly covers affiliate processing and specifies the transfer mechanisms applicable to intra-group data flows. Where affiliates are added or removed from the list, customers with objection rights under their DPA should assess whether the change triggers a review obligation. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map each listed affiliate against the jurisdictions in which it operates and verify the applicable transfer mechanism. Records of Processing Activities maintained under GDPR Article 30 should reflect the full scope of Snowflake affiliates listed as authorized processors, not solely the contracting Snowflake entity.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Provision details

Document information
Document
Snowflake Sub-Processors
Entity
Snowflake
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013464
Document ID
CA-D-00936
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
edd0027706a2587bd4b797cb9dc214cc38c6d7a132ec318dcd330f3e03d23947
Analysis generated
July 6, 2026 23:26 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Snowflake
Document: Snowflake Sub-Processors
Record ID: CA-P-013464
Captured: 2026-07-06 23:26:12 UTC
SHA-256: edd0027706a2587b…
URL: https://conductatlas.com/platform/snowflake/snowflake-sub-processors/snowflake-affiliate-inclusion-as-sub-processors/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Snowflake's Snowflake Affiliate Inclusion as Sub-processors clause do?

This provision establishes that intra-group data transfers within the Snowflake corporate family are subject to the same sub-processor framework as third-party vendor transfers, which is a GDPR Article 28 compliance requirement and creates separate due diligence obligations for customers assessing the full scope of entities handling their data.

How does this clause affect you?

The document establishes that Snowflake affiliates, in addition to third-party vendors, are authorized to process customer data, meaning enterprise customers must account for intra-group transfers as part of their data mapping and transfer mechanism assessments.

Is ConductAtlas affiliated with Snowflake?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Snowflake.