Third party that a vendor uses to deliver their service and that therefore also handles your data. Examples: cloud providers, LLM APIs, transcription services. Vendors must disclose them under GDPR and request permission before adding new ones.
A sub-processor is any third party your vendor passes data to in order to deliver their service. A research analytics platform might use AWS for hosting, OpenAI for analysis, and a transcription service for audio. Each is a sub-processor; each touches your participant data; each carries GDPR obligations.
Under GDPR, vendors must maintain a current sub-processor list, make it accessible to customers, and notify customers before adding new ones. The customer typically has a right to object to new sub-processors and exit the contract if the addition is unacceptable.
For UX research, scan the sub-processor list before signing. Two warning signs: sub-processors outside the EU/EEA without adequate transfer safeguards, and AI-model providers known for using customer data in training. Either turns your tool choice into a privacy decision.