What can we help you find? Trust Global Privacy Program Quick Guide: Subprocessors

Quick Guide: Subprocessors

Revised: 23 February 2024

Background

Subject to the instruction of a Customer, Coupa Software, Inc. ("Coupa") hosts a Customer instance either in the Europe Economic Area, United States of America, in the APAC region or as otherwise agreed. In the course of providing services on the Coupa Platform, Coupa personnel located inside and outside of the selected hosting region may require access to Customer Data.

In addition, Coupa and its Affiliates engage third-party contractors and suppliers in the context of the provision of the Coupa Platform and selected Hosted Applications (“Third-Party Suppliers”). Some of these Third-Party Suppliers may have access to, and process, Customer Data, including Customer Personal Data (“Subprocessors”).

This quick guide shall provide you with an overview on the various Subprocessors currently used by Coupa in the performance of the Coupa services. Please note that the specific details of Subprocessors used for each Customer depend on the individual subscription scope and configuration. This quick guide is subject to change.

Default Subprocessors

If you are a customer on the Coupa platform, the following Third-Party Suppliers are used as default Subprocessors.

Name and Address	Scope of Subprocessing
Amazon Web Services Inc. Fortune Chambers, 410 Terry Avenue North Seattle, WA 98109-5210, USA https://aws.amazon.com/	Cloud-Infrastructure Services (including Rekognition service (https://aws.amazon.com/rekognition/faqs/) where regional availability and restrictions applyⁱ and Simple Email Service)ⁱⁱ
Coupa and its Affiliates In the Europe Economic Area, USA, UK, Colombia³ ,and India	Customer Support Services

Additional Subprocessors

Depending on the individual subscription scope and configuration of a Customer on the Coupa platform, the following Third-Party Suppliers are used as additional Subprocessors by Coupa when providing the services.

Name and Address	Hosted Application / Service	Scope of Subprocessing
Looker Data Sciences Inc. a Google company 101 Church Street, Santa Cruz, CA 95060 USA https://looker.com/ Snowflake Inc. 450 Concar Drive, San Mateo, CA, 94402, USA www.snowflake.com	Analytics	Reporting, analytics, and dashboarding
TrustWeaver AB a Sovos Compliance, LLC company 200 Ballardvale Street, Building 1 4th Floor Wilmington, MA 01887, USA https://sovos.com/	Compliant eInvoicing, Expenses	Electronic signature
Concentrix - Dalian Jumeng Technologies Development Ltd. 4F, 18 Software Park Road Shanhekou District, Dalian P.R. China 116023 www.concentrix.com	Customer Support in Chinese or Japanese language (upon request only)	Customer Support Services (1st Level) for Customers with locations in China and Japan
Microsoft Corp. One Microsoft Way Redmond, Washington 98052, USA https://azure.microsoft.com/	InvoiceSmash,Sourcing Optimization	Cloud-Infrastructure Services (separate hosting)
Traxo, Inc. 211 N. Ervay St. Suite 500 Dallas, TX 75021, USA www.traxo.com	Expenses	Parses confirmation emails and passes travel itinerary information to Coupa Travel Service for processing
Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA https://cloud.google.com/	Various (Expenses, Mobile, CSP, Spend Guard)	Google Vision (OCR)^iii, Google Translation, Google Maps, Google Places, Google Analytics^iv
Twilio Inc. 375 Beale Street, Suite 300 San Francisco, CA 94105, USA www.twilio.com	Supplier Portal - Notification (if enabled by supplier)	Sends text message notification to the supplier
Conferma Ltd. 5 Brooks Drive, Cheadle Royal Business Park Cheadle, Cheshire, SK8 3TD, United Kingdom https://confermapay.com/	Pay	Provides connectivity to Banks, Credit Card Networks, and other Conferma partners
Mastercard International Incorporated^v 200 Purchase Street Purchase, NY 10577, USA https://www.mastercard.com	Pay	Provides connetivity to issuers and banks
CXG Outsourcing EOOD 1234 Sofia, Business Center Labirint 25 Prof. d-r Petar Dertliev str., Bulgaria https://cx-g.com/	Managed Services	Provides additional staffing for AIC data analytics, supplier enablement, and other managed services
Iterable, Inc. 71 Stevenson St, Suite 300 San Francisco, CA 94105, USA https://iterable.com/ Segment.io, Inc. a Twilio company 100 California Street, Suite 700 San Francisco, CA 94111, USA https://segment.com/	Early Payment Discounting	Provides messaging services to suppliers and financing partners
Viewpost North America, LLC 315 E. Robinson Street, Suite 225 Orlando, FL 32801, USA www.viewpost.com	Pay	Check Printing

^{[i] For more details see https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/.
[ii] For more details seehttps://aws.amazon.com/ses/.
[iii] Google uses distributed global data centers to temporarily process image files and return back results of the OCR function. Google currently does not offer regionalization of processing within Google Cloud Vision API. For more details see https://cloud.google.com/vision/docs/data-usage.
[iv]}^{Google Translation, Google Maps, Google Places and Google Analytics may in their terms of use, seek to use customer personal data from time to time; however Coupa does not share such personal data with Google.}^{Coupa utilizes Google Maps for certain products which require location-based services. Google requires that the following terms are notified to customers as part of Coupa’s obligations in its use of Google Maps: (1) Google Maps/Google Earth Additional Terms of Service: https://maps.google.com/help/terms_maps.html; and (2) Google Privacy Policy https://www.google.com/policies/privacy/.}
^{[v] Mastercard International Incorporated is expected to be offered to customers from later in Q1 of 2024.}

Legacy Subprocessors & Subcontractors

If you are a Customer on a legacy platform of a company previously acquired by Coupa, the following legacy subcontractors are currently used. Depending on the configuration, some of the legacy subcontractors may have access to Customer Personal Data and thus qualify as a Subprocessor. Other subcontractors are listed for information only.

Legacy Application	Name and Address	Scope of Services
2017 - Simeno (myCatalogPool)	ITpoint Systems AG Riedstrasse 1, CH-6343 Rotkreuz, Switzerland www.itpoint.ch	Cloud-Infrastructure Services
2018 - Aquiire (Catalog Management)	Microsoft Corp. (details as before)	Cloud-Infrastructure Services
2018 - DCR Workforce (now Contingent Workforce)	Amazon Web Services Inc. (details as before)	Cloud-Infrastructure Services
2018 - DCR Workforce (now Contingent Workforce)	Microsoft Corp. (details as before)	Cloud-Infrastructure Services
2019 - Exari (now Contract Lifecycle Management Advanced)	Amazon Web Services Inc. (details as before)	Cloud-Infrastructure Services
2020 - Bellin (now Treasury)	PlusServer GmbH Hohenzollernring 72, 50672 Cologne, Germany https://www.plusserver.com/	Colocation Services
2020 - Bellin (now Treasury)	ComputerLine GmbH Zellgut 7, 6214 Schenkon, Switzerland https://www.computerline.com	Colocation Services
2020 - LLamasoft (now Supply Chain Planning)	Amazon Web Services Inc. (details as before)	Cloud-Infrastructure Services

_{Legal Disclaimer - This website is provided for informational purposes only and should not be considered as legal advice and does not discuss other privacy-related laws or regulations that may also be relevant to our customers and prospects, including any industry-specific requirements. The relevant privacy and data protection laws and regulations applicable to individual companies will depend on several factors, including but not limited to where a company conducts its business, the industry in which it operates, the type of content it wishes to store, where or from whom the content originates, and where the content will be stored.}