OpenOS Technologies

Subprocessors

Third-party provider categories used to support OpenOS services.

The OpenOS Subprocessor List provides transparency into the categories of third-party providers that may process customer data in support of infrastructure, AI capabilities, operations, monitoring, communications, and engineering workflows.

Last updated 07 May 2026
Covers Provider categories, data handling, transfers, due diligence, and safeguards

Provider categories

The Subprocessor List states that OpenOS uses certain third-party service providers to support the delivery, maintenance, security, and improvement of its services. OpenOS also states that these providers are expected to meet appropriate privacy and security standards.

The document groups subprocessors into categories such as cloud infrastructure providers, AI or machine learning service providers, storage and database providers, security and monitoring providers, communication and support tools, and developer or DevOps tooling.

Representative list

Rather than promising a permanently fixed vendor list, OpenOS presents a representative list of providers that may be used depending on deployment region and customer configuration. Example categories include Azure cloud infrastructure, content delivery networks, large language model providers, machine learning infrastructure, vector database or embedding services, application performance monitoring tools, logging and observability platforms, email delivery services, ticketing systems, and CI/CD or infrastructure automation tools.

Data handling and transfers

The policy states that subprocessors may process customer account information, authentication data, uploaded datasets and documents, AI prompts and generated outputs, system logs, metadata, usage information, and performance data depending on the services being used.

It also notes that some subprocessors may operate outside the customer’s jurisdiction and that OpenOS uses safeguards such as Standard Contractual Clauses, contractual data protection commitments, encryption, and access controls where applicable.

Safeguards and due diligence

OpenOS states that subprocessors are required to maintain confidentiality, implement technical and organizational security measures, process data only for specified purposes, and comply with applicable data protection laws. OpenOS also states that it remains responsible for the performance and compliance of its subprocessors.

The document describes reasonable due diligence before engaging a subprocessor, including review of security and privacy practices, compliance posture, infrastructure controls, and ongoing checks over time. It also notes that the list may be updated as infrastructure evolves or new services are added.

Questions about subprocessors, vendor review, or procurement diligence can be sent to hello@openost.com. The original Word version is available above.