This page lists the legal entities engaged by Vesence AB ("Vesence") as subprocessors for processing Customer Data under the DPA. It distinguishes between subprocessors used for the core hosted service and AI inference providers used only where the relevant provider/model route is enabled or selected. Customers can choose which supported AI inference providers are enabled or used for their environment.

Customer Data subprocessors

Microsoft Azure is required to operate the Vesence service. The other subprocessors are optional AI inference providers that are only engaged where the customer chooses to enable the corresponding provider/model route.

Notes on model providers and access

• Where Claude/Anthropic models are accessed through AWS Bedrock, Vesence lists Amazon Web Services EMEA SARL as the subprocessor. AWS Bedrock documentation states that model providers do not have access to Amazon Bedrock logs or to customer prompts and completions. Anthropic is therefore not listed as a separate subprocessor for that route unless a direct Anthropic integration is separately enabled.
• Where OpenAI models are accessed through Azure OpenAI, Vesence lists Microsoft Ireland Operations Limited as the subprocessor for that route.
• Where OpenAI models are accessed through OpenAI Direct, Vesence lists OpenAI Ireland Ltd. as the subprocessor for that route.

Data-processing posture for AI inference

Vesence configures AI inference routes to minimize retention and provider access to inference content. Provider terminology differs, so each route should be read according to the applicable provider documentation and customer configuration.

Azure OpenAI Service (Microsoft)

• Azure OpenAI inference for EU customer traffic should use either a regional EU deployment or an EU DataZone deployment where EU-bound AI processing is required.
• Global deployments should not be used for EU customer traffic where the requirement is EU-only processing unless the customer expressly accepts that processing scope.
• Vesence has Microsoft Modified Abuse Monitoring approval for all production Azure OpenAI accounts, meaning prompt/completion storage for default abuse-monitoring retention is waived for the approved configuration and human review for abuse monitoring is not performed under that approval.

AWS Bedrock (Amazon Web Services)

• AWS Bedrock documentation states that model providers do not have access to Amazon Bedrock logs or to customer prompts and completions.
• AWS Bedrock documentation also states that model providers do not have access to the model deployment accounts operated by the Amazon Bedrock service team.
• For Vesence's current Bedrock route, AWS Bedrock is used in eu-central-1 (Frankfurt).

OpenAI Direct (OpenAI)

• The OpenAI Services Agreement identifies OpenAI Ireland Ltd. as the OpenAI contracting party for customers located in the EEA or Switzerland.
• OpenAI states that content submitted to the OpenAI services is used only as necessary to provide the services, comply with law, enforce policies and prevent abuse, and is not used to develop or improve the services unless the customer explicitly agrees.
• OpenAI Zero Data Retention is available only for eligible endpoints/approved configurations. Vesence's routing is constrained to the approved ZDR-eligible endpoints when OpenAI Direct is used for Customer Data requiring that posture.

Change management

This list is maintained by Vesence as part of its DPA compliance.

• The list is updated before authorizing any new subprocessor to process Customer Data.
• Customers are notified of changes in accordance with the DPA and may object as set out in the DPA.
• For the current version of this list or notification of changes, contact compliance@vesence.com.