Anthropic Subprocessor Changes (trust.anthropic.com)

by tencentshill 49 comments 114 points
Read article View on HN

49 comments

[−] ehnto 50d ago
With respect to my private data, it seems all roads eventually lead to California.
[−] tencentshill 50d ago
Notable: Added "Microsoft Azure, which provides cloud infrastructure for all Anthropic products (Worldwide)."
[−] louiereederson 50d ago
They announced a $30b+ commitment with Azure back in November, so not really a surprise that Azure is now listed as one of their cloud providers. https://www.anthropic.com/news/microsoft-nvidia-anthropic-an...
[−] ctmnt 50d ago
To be clear, for those reading these comments and thinking “oh no Azure”, this is an addition to the list of cloud companies that provide “cloud infrastructure worldwide” for “all products”. Alongside GCP and AWS. This is not a GitHub style announcement that they’ve moved all operations to Azure.
[−] craxyfrog 50d ago
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.

For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.

Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.

[−] yalogin 50d ago
I don’t know what I am looking at there. What is a subprocessor?
[−] motbus3 50d ago
The slopped page doesn't work properly on mobile chrome
[−] asawfofor 50d ago
so i thought there were multiple fedramp service providers offering hosted claude models. not sure why they are linking to one in particular
[−] craxyfrog 50d ago
Worth noting the distinction between subprocessors that handle customer data vs. those that handle operational/business data. The ones in the "Customer Data" category are where the compliance implications are most significant for enterprise customers under GDPR, HIPAA, or similar frameworks.

For anyone evaluating this for a procurement decision: the relevant questions are (1) which subprocessors have access to content you send in API requests, (2) what data processing agreements are in place with each, and (3) what is the notification window for new subprocessor additions. The 30-day notice for customer data subprocessors is fairly standard for enterprise SaaS at this point.

Publishing this list proactively rather than only on request is a positive signal, even if the list itself is fairly short.

[−] gnabgib 50d ago
Title: Welcome to the Anthropic Trust Center

.. was this a deep link? You might want to repeat in the comments

[−] wewewedxfgdf 50d ago
[flagged]
[−] rvz 50d ago
[flagged]
[−] octoberfranklin 50d ago
WTF is a "subprocessor"?

They should just be honest and say "data loophole".