Subprocessor Notice
Notice status. This page is the live location for Ravan.ai's subprocessor notice referenced by the Data Processing Addendum. A subprocessor is a third party that may process Customer Personal Data on Ravan.ai's behalf while delivering the Services. Ravan.ai will not add a provider to the authorised register until its legal entity, service scope, processing location, and transfer mechanism have been verified by the security and privacy team.
Verified subprocessor information
The current production register is maintained against signed supplier records and is supplied to Customers as part of enterprise due diligence and their Data Processing Addendum. We do not publish unverified provider names, placeholder legal entities, or assumed processing locations because an incomplete register would be misleading.
Before Customer Personal Data is enabled: the Customer receives the verified provider record relevant to its deployment, including legal entity, processing purpose, data categories, primary locations, and applicable transfer mechanism.
How Ravan.ai manages subprocessors
- Conduct risk-based due diligence before authorising a subprocessor that may process Customer Personal Data.
- Use a written agreement that imposes data-protection obligations materially consistent with the Data Processing Addendum.
- Limit each subprocessor to the data and processing purpose needed for the applicable service.
- Maintain responsibility for subprocessors to the extent required by applicable data-protection law.
Advance notice of material changes
Customers provide general written authorisation for the subprocessors applicable to their deployment. Where required by applicable law or the Customer's agreement, Ravan.ai will provide reasonable advance notice of a new or replacement subprocessor by email, through the Services, or by updating this notice. A Customer may object promptly on reasonable, documented data-protection grounds.
Ravan.ai and the Customer will work in good faith to address a valid objection. If the parties cannot resolve the objection, the Customer's remedy is governed by the applicable Agreement.
International data transfers
Where Customer Personal Data protected by EU or UK data-protection law is transferred to a location without an applicable adequacy decision, Ravan.ai will use an applicable lawful transfer mechanism under the Data Processing Addendum. A location or residency commitment applies only where it is expressly recorded in the Customer's signed order or deployment documentation.
Request the current register
Send your workspace name and deployment requirements. We will provide the verified subprocessor record relevant to your service configuration.