Our Subprocessors

Welcome to Insightly’s subprocessor page where we maintain a current list of subprocessors authorized to process customer data for Insightly services. Insightly imposes data protection terms with each subprocessor regarding their security controls and applicable regulations for the protection of personal data.

Google Inc

Amazon Web Services

















Sign up below to be notified of changes to the list:

Get Updates


What is a subprocessor?

A subprocessor is a term commonly used in the context of data processing and data protection, particularly in relation to the General Data Protection Regulation (GDPR) and other data privacy laws. In simple terms, a subprocessor is a third-party entity that is engaged by a data processor to perform specific tasks involving personal data on their behalf. These tasks can be part of the overall data processing activities and are often necessary to provide certain services or functionalities to the data controller (the organization that collects and determines the purposes and means of data processing).

The data processor, who is responsible for processing personal data on behalf of the data controller, may delegate some of its functions to a subprocessor. This delegation typically occurs through a written agreement between the data processor and the subprocessor, called a subprocessor agreement or data processing agreement. This agreement ensures that the subprocessor adheres to the same data protection obligations and security measures as the data processor.

It’s crucial for data processors to carefully select subprocessors to ensure they have the necessary expertise and security measures in place to handle personal data responsibly and in compliance with applicable data protection laws. Subprocessors may offer a variety of services, such as cloud storage, data analytics, customer support, or payment processing, among others.

The use of subprocessors can introduce additional complexities for the data controller and processor, as they remain ultimately responsible for the processing activities and data protection compliance. Therefore, it is essential for data processors to conduct due diligence on subprocessors and conduct proper risk assessments before engaging them.

Under the GDPR, the data processor is required to inform the data controller about the use of subprocessors and obtain explicit consent, except in cases where the engagement is necessary for the performance of the contract between the data controller and processor. Additionally, the data processor should ensure that the subprocessor provides sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect the personal data.

In summary, a subprocessor is an external entity engaged by a data processor to perform specific tasks involving personal data on behalf of a data controller. Proper management and oversight of subprocessors are essential to maintain data protection compliance and ensure the privacy and security of individuals’ personal information.

Experience the Insightly platform for yourself