Quick Guide: Subprocessors

Revised: 23 December 2024

Background

Subject to the instruction of a Customer, Coupa Software, Inc. ("Coupa") hosts a Customer instance either in the Europe Economic Area, United States of America, in the APAC region or as otherwise agreed. In the course of providing services on the Coupa Platform, Coupa personnel located inside and outside of the selected hosting region may require access to Customer Data.

In addition, Coupa and its Affiliates engage third-party contractors and suppliers in the context of the provision of the Coupa Platform and selected Hosted Applications (“Third-Party Suppliers”). Some of these Third-Party Suppliers may have access to, and process, Customer Data, including Customer Personal Data (“Subprocessors”).

This quick guide shall provide you with an overview on the various Subprocessors currently used by Coupa in the performance of the Coupa services. Please note that the specific details of Subprocessors used for each Customer depend on the individual subscription scope and configuration. This quick guide is subject to change.

Default Subprocessors

If you are a customer on the Coupa platform, the following Third-Party Suppliers are used as default Subprocessors.

Name and Address Scope of Subprocessing
Amazon Web Services Inc.
Fortune Chambers, 410 Terry Avenue North
Seattle, WA 98109-5210, USA
https://aws.amazon.com/ 
Cloud-Infrastructure Services (including Rekognition service (https://aws.amazon.com/rekognition/faqs/) where regional availability and restrictions applyi and Simple Email Service)ii
Coupa and its Affiliates
In the Europe Economic Area, USA, UK, Colombia ,and India
 
Customer Support Services

Additional Subprocessors

Depending on the individual subscription scope and configuration of a Customer on the Coupa platform, the following Third-Party Suppliers are used as additional Subprocessors by Coupa when providing the services.

Name and Address Hosted Application / Service Scope of Subprocessing

Looker Data Sciences Inc. a Google company
101 Church Street, Santa Cruz, CA 95060 USA
https://looker.com/

 

Snowflake Inc.
450 Concar Drive, San Mateo, CA, 94402, USA
www.snowflake.com

Analytics

 

Reporting, analytics, and dashboarding

TrustWeaver AB a Sovos Compliance, LLC company
200 Ballardvale Street, Building 1
4th Floor Wilmington, MA 01887, USA
https://sovos.com/

Compliant eInvoicing, Expenses

Electronic signature

Microsoft Corp.
One Microsoft Way
Redmond, Washington 98052, USA
https://azure.microsoft.com/

InvoiceSmash
Sourcing Optimization

Supply Chain Collaboration
Contracts Intelligence
Platform Capabilities
InvoiceSmash
Category Planner

Cloud-Infrastructure Services (separate hosting)


Azure OpenAI-supported capabilities

Amazon Web Services Inc.
Fortune Chambers, 410 Terry Avenue North
Seattle, WA 98109-5210, USA
https://aws.amazon.com/

Platform Capabilities

Sensitive information protection for Generative AI applications

Traxo, Inc.
211 N. Ervay St. Suite 500
Dallas, TX 75021, US
www.traxo.com

 

Expenses

Parses confirmation emails and passes travel itinerary information to Coupa Travel Service for processing.

Google LLC.
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
https://cloud.google.com/

Various (Expenses, Mobile, CSP, Spend Guard, InvoiceSmash, Contracts, Contract Intelligence) Google Vision (OCR)iii, Google Translation, Google Maps, Google Places, Google Analyticsiv

Twilio Inc.
375 Beale Street, Suite 300
San Francisco, CA 94105, USA
www.twilio.com

Supplier Portal - Notification (if enabled by supplier)

Sends text message notification to the supplier

Conferma Ltd.
5 Brooks Drive, Cheadle Royal Business Park
Cheadle, Cheshire, SK8 3TD, United Kingdom
https://confermapay.com/

Pay Provides connectivity to Banks, Credit Card Networks, and other Conferma partners

Mastercard International Incorporated
200 Purchase Street
Purchase, NY 10577, USA
https://www.mastercard.com

Pay Provides connetivity to issuers and banks

CXG Outsourcing EOOD
1234 Sofia, Business Center Labirint
25 Prof. d-r Petar Dertliev str., Bulgaria
https://cx-g.com/

Managed Services Provides additional staffing for AIC data analytics, supplier enablement, and other managed services

Iterable, Inc.
71 Stevenson St, Suite 300
San Francisco, CA 94105, USA
https://iterable.com/

Segment.io, Inc. a Twilio company
100 California Street, Suite 700
San Francisco, CA 94111, USA
https://segment.com/

Early Payment Discounting Provides messaging services to suppliers and financing partners

Viewpost North America, LLC
315 E. Robinson Street, Suite 225
Orlando, FL 32801, USA
www.viewpost.com

Pay Check Printing

Qlik Technologies Inc.
211 South Gulph Road, Suite 500
King of Prussia, PA 19406
https://www.qlik.com/us

SCDP Visualization

 [i] For more details see https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/.
 [ii] For more details seehttps://aws.amazon.com/ses/.
 [iii] Google uses distributed global data centers to temporarily process image files and return back results of the OCR function. Google currently does not offer regionalization of processing within  Google Cloud Vision API. For more details see https://cloud.google.com/vision/docs/data-usage.
 [iv]
Google Translation, Google Maps, Google Places and Google Analytics may in their terms of use, seek to use customer personal data from time to time; however Coupa does not share such personal data with Google. Coupa utilizes Google Maps for certain products which require location-based services. Google requires that the following terms are notified to customers as part of Coupa’s obligations in its use of Google Maps: (1) Google Maps/Google Earth Additional Terms of Service: https://maps.google.com/help/terms_maps.html; and (2) Google Privacy Policy https://www.google.com/policies/privacy/.

Legacy Subprocessors & Subcontractors

If you are a Customer on a legacy platform of a company previously acquired by Coupa, the following legacy subcontractors are currently used. Depending on the configuration, some of the legacy subcontractors may have access to Customer Personal Data and thus qualify as a Subprocessor. Other subcontractors are listed for information only.

Legacy Application Name and Address Scope of Services

2017 - Simeno
(myCatalogPool)

ITpoint Systems AG
Riedstrasse 1, CH-6343 Rotkreuz, Switzerland
www.itpoint.ch

Cloud-Infrastructure Services
 

2018 - Aquiire
(Catalog Management)

Microsoft Corp.
(details as before)
Cloud-Infrastructure Services
 

2018 - DCR Workforce
(now Contingent Workforce)

Amazon Web Services Inc.
(details as before)
Cloud-Infrastructure Services
Microsoft Corp.
(details as before)
Cloud-Infrastructure Services

2019 - Exari
(now Contract Lifecycle Management)

Amazon Web Services Inc.
(details as before)
Cloud-Infrastructure Services

2020 - Bellin
(now Treasury)

PlusServer GmbH
Hohenzollernring 72, 50672 Cologne, Germany
https://www.plusserver.com/

Colocation Services

ComputerLine GmbH
Zellgut 7, 6214 Schenkon, Switzerland
https://www.computerline.com

Colocation Services

2020 - LLamasoft
(now Supply Chain Design and Planning)

Amazon Web Services Inc.
(details as before)
Cloud-Infrastructure Services

Legal Disclaimer - This website is provided for informational purposes only and should not be considered as legal advice and does not discuss other privacy-related laws or regulations that may also be relevant to our customers and prospects, including any industry-specific requirements. The relevant privacy and data protection laws and regulations applicable to individual companies will depend on several factors, including but not limited to where a company conducts its business, the industry in which it operates, the type of content it wishes to store, where or from whom the content originates, and where the content will be stored.