How this list applies

This page mirrors Annex 3 of our Data Processing Addendum. Where the DPA applies, this list forms part of it. We give Customers at least thirty (30) days’ prior written notice before adding or replacing any sub-processor that processes Customer Personal Data.

01 How we use sub-processors
A Sub-processor is a third party we engage to process Customer Personal Data on our behalf, as defined in our Data Processing Addendum. Each sub-processor is bound by a written contract that imposes data protection obligations materially equivalent to those we owe our Customers, in accordance with clause 6.2 of the DPA.
Customers grant us a general written authorisation to engage sub-processors. Where the sub-processor is a provider of large language model or generative artificial intelligence services, we use only enterprise, no-training and zero-retention configurations, as required by clause 6.3 of the DPA.
02 Current sub-processors
| Sub-processor | Service / Function | Processing Location(s) | Category |
|---|---|---|---|
| Google Cloud (Google LLC / Google Asia Pacific Pte. Ltd.) | Cloud infrastructure, hosting, storage and related services. | Singapore, EU, US (per Customer region selection); other regions for Enterprise deployments. | Cloud hosting |
| Amazon Web Services (AWS Asia Pacific Pte. Ltd.) | Cloud infrastructure, hosting, storage and related services. | Singapore, EU, US (per Customer region selection); other regions for Enterprise deployments. | Cloud hosting |
| OpenAI, OPCO, LLC | Large language model inference (enterprise, no-training, zero-retention endpoints). | As specified in OpenAI’s applicable enterprise terms. | LLM / AI |
| Anthropic, PBC | Large language model inference (enterprise, no-training, zero-retention endpoints). | As specified in Anthropic’s applicable enterprise terms. | LLM / AI |
| Vertex AI (provided by Google Cloud) | Large language model inference (enterprise, no-training, zero-retention endpoints). | As specified in Google Cloud’s applicable enterprise terms. | LLM / AI |
| Jonda Health proprietary models (hosted in contained environments) | Health-domain specific inference performed within Jonda Health-controlled or Sub-processor-hosted contained environments. | Same region as Customer’s selected hosting region. | AI / Internal |
| Mailjet (Mailjet SAS) | Transactional and notification email delivery (such as account verification, password resets and platform notifications to Authorised Users). | European Union. | |

03 AI sub-processor controls
Where we use sub-processors that provide large language model or generative AI services, we contractually require that:
- Customer Personal Data is not used by the sub-processor to train, fine-tune or otherwise improve any model that is made available to third parties;
- Customer Personal Data is not retained by the sub-processor beyond the period necessary to return the relevant inference output to Jonda Health (or such minimum period mandated by the sub-processor’s standard service for abuse-monitoring purposes only); and
- The sub-processor is bound by written contractual obligations of confidentiality and security materially consistent with the DPA.
Where we use proprietary models hosted in contained environments operated by Jonda Health or its sub-processors, those environments meet the security requirements of the DPA.
04 A note on our personnel
Our personnel are not sub-processors. Members of our team, all employed by Jonda Health, access Customer Personal Data only as necessary to deliver and support the Services, on a least-privilege, need-to-know basis, and under enforceable confidentiality obligations and the security framework set out in Annex 2 of the DPA.
05 Notification of changes
We give Customers at least thirty (30) days’ prior written notice before adding or replacing a sub-processor (which may be by email or by update to this page with notice within the Services), in accordance with clause 6.4 of the DPA.
06 Right to object
Customers may object in writing to the appointment of a new sub-processor on reasonable, documented grounds relating to the protection of Customer Personal Data, within fourteen (14) days of receipt of our notice. We will discuss any objection in good faith with a view to reaching a resolution. If no resolution can be reached, we may, at our sole discretion, either (a) refrain from using the proposed sub-processor in respect of the Customer’s Personal Data; or (b) confirm that we will use the sub-processor, in which case the Customer’s sole and exclusive remedy is to terminate the affected portion of the Services on written notice without further liability for fees applicable to the period after termination, save that this shall not affect any pre-paid fees already due.
07 Subscribe to updates
To receive notice of changes to this list, send an email with the subject line “Subscribe sub-processor updates” to privacy@jonda.health. We will add you to our notification list and confirm by reply.









