Anthropic Subprocessor Changes(trust.anthropic.com)
trust.anthropic.com
Anthropic Subprocessor Changes
https://trust.anthropic.com
55 comments
With respect to my private data, it seems all roads eventually lead to California.
Sorry, what does that means? GDPR national here
Just a quip that all technology companies seem to eventually include sending data back to a Californian company or startup, usually for the purposes of hosting, advertising or profiling.
Probably a reference to Silicon Valley?
Notable: Added "Microsoft Azure, which provides cloud infrastructure for all Anthropic products (Worldwide)."
That is significant for us. We have already accepted the risk of using Microsoft Azure so we use GitHub Copilot for that reason.
We have Claude disabled at the moment but if Anthropic has moved over to Azure then we can consider to start using it.
"Accepted the risk", just in case people don't know, is a compliancy term. I don't mean that Azure is risky.
We have Claude disabled at the moment but if Anthropic has moved over to Azure then we can consider to start using it.
"Accepted the risk", just in case people don't know, is a compliancy term. I don't mean that Azure is risky.
> I don't mean that Azure is risky.
Depending on the company and their sector, people will nod in approval, or start laughing.
My company also accepted the risk of using Microsoft. We have a "data sharing agreement" together, with very powerful magical words. Compliance people are happy and sleep well.
Depending on the company and their sector, people will nod in approval, or start laughing.
My company also accepted the risk of using Microsoft. We have a "data sharing agreement" together, with very powerful magical words. Compliance people are happy and sleep well.
I consider Azure risky and I would love to hear more about the companies and sectors that would laugh (with me). So which ones are you talking about?
They added Microsoft but alongside them also list Google and Amazon for "all products".
Ahh now it is clear why so many outages lately. Solid choice.
When you host a solid model on terrible infrastructure, the infrastructure wins
Hopefully it goes better for them than it has for GitHub.
They announced a $30b+ commitment with Azure back in November, so not really a surprise that Azure is now listed as one of their cloud providers.
https://www.anthropic.com/news/microsoft-nvidia-anthropic-an...
To be clear, for those reading these comments and thinking “oh no Azure”, this is an addition to the list of cloud companies that provide “cloud infrastructure worldwide” for “all products”. Alongside GCP and AWS. This is not a GitHub style announcement that they’ve moved all operations to Azure.
Coincidently, Claude Code appears to be down right now (in Europe West at least).
Everytime I hear of something X Azure announcement, that something just seem to break right away.
I know correlation is not causation, but my opinion of Azure is already too damn low to not link those two events.
Everytime I hear of something X Azure announcement, that something just seem to break right away.
I know correlation is not causation, but my opinion of Azure is already too damn low to not link those two events.
It's also down for me here in Brazil. Getting overloaded errors for about one hour now. It's been happening a lot this week. Is this normal for Anthropic?
Working fine for me right now, from Brazil. Claude via Github Copilot at least.
I'm using Claude Code on the terminal. Not sure if it matters.
API Error: 529
{
"type": "error",
"error": {
"type": "overloaded_error",
"message": "Overloaded. https://docs.claude.com/en/api/errors"
},
"request_id": "..."
}
The promotional double usage period is just about to end too. Sucks.It's down for me too. A colleague says it's up though - it's possible they're shedding different groups of users (he has the Max subscription, I don't).
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
[deleted]
I don’t know what I am looking at there. What is a subprocessor?
It’s a legal term for handling data. It’s when Anthropic uses an external party to handle their data / systems, but Anthropic is the legal entity responsible for the data privacy, as the customer (you) has a contract with Anthropic.
https://www.gdprsummary.com/gdpr-definitions/sub-processor/ in context of GDPR/DORA it is about formalized agreements with 3rd parties that will handle data, your own and of your clients.
The slopped page doesn't work properly on mobile chrome
so i thought there were multiple fedramp service providers offering hosted claude models. not sure why they are linking to one in particular
Where are they linking to just one? The chart shows three: Palantir, AWS GovCloud, and GCP w/FR-High Assured Workload.
The chart should show ITAR also IMO. Only Palantir and AWS GovCloud would have checkboxes and that’s extremely relevant to defense contractors. (Vertex AI is available within an FR-High assured workload but not ITAR, the only conceivable reason for which would be foreign person access to the US sovereign production environment.)
The chart should show ITAR also IMO. Only Palantir and AWS GovCloud would have checkboxes and that’s extremely relevant to defense contractors. (Vertex AI is available within an FR-High assured workload but not ITAR, the only conceivable reason for which would be foreign person access to the US sovereign production environment.)
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.
Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.
Title: Welcome to the Anthropic Trust Center
.. was this a deep link? You might want to repeat in the comments
.. was this a deep link? You might want to repeat in the comments
> Anthropic Subprocessor Changes
> General
> Published March 26, 2026
> We've updated our subprocessor list with three additions
Works for me, gotta scroll down a bit
> General
> Published March 26, 2026
> We've updated our subprocessor list with three additions
Works for me, gotta scroll down a bit
That's an h3 not a title. Looks like they probably meant: https://trust.anthropic.com/updates, it's still an entry in an h3 (with "Welcome to the Anthropic Trust Center" as the title), but it is at least the most recent update (canonical would stop this being directly linked)
wewewedxfgdf(4)
rvz(1)
WTF is a "subprocessor"?
They should just be honest and say "data loophole".
They should just be honest and say "data loophole".
It’s basically another party that is used as infrastructure by the company you’re using the services of, who has access to your data, but that sub processor doesn’t need to extend its terms down into the eula. So like if you host databases on aws, they are your sub processor.
It is an important legal concept under the GDPR and other data governance frameworks.