Compliance & security
Sub-processor
A third party the vendor uses to process your data (cloud, LLM provider, etc.).
A sub-processor is any third party the vendor uses to process your data โ typically the cloud platform (AWS, Azure, GCP) and the foundation-model provider. Under GDPR and good security hygiene, sub-processors must be disclosed and bound to equivalent terms.
Ask for the sub-processor list before you sign, particularly which LLM provider sees your transcripts.
See also
- GDPR โ EU data-protection law โ non-negotiable for any EU healthcare deployment.
- DPA (Data Processing Agreement) โ GDPR-required contract between you (controller) and the vendor (processor).