Omi Scribe Cloud — Sub‑processors

Version: 1.6

Last updated: 14 May 2026

Provider: Omi Health B.V., Eindhoven, Netherlands

Contact: [email protected]


This page lists the sub‑processors used by Omi Health B.V. to provide Omi Scribe Cloud (Managed).

We will update this page when sub‑processors are added or changed. Customers with a DPA may subscribe to change notifications by emailing [email protected].

> Note: This list is for the managed cloud product. For customer‑managed / self‑hosted deployments, the Customer selects and controls its own infrastructure and providers; the sub‑processor list below does not apply.

The cloud Service is delivered as a single deployment in Azure Sweden Central (EU). Customer Content from all geographies is processed in the EU. Customers requiring local data residency use Omi Scribe for Mac (on‑device) or customer‑managed self‑hosted deployment.


1. Current sub‑processors (EU cloud)

Sub‑processor (legal entity) Service Purpose Data processed Location
Microsoft Corporation Microsoft Azure (compute, networking) Hosting and operation of the Service Customer Content and Service Data Sweden Central (EU)
Microsoft Corporation Azure Database for PostgreSQL Primary database for sessions, transcripts, notes, audit logs, and usage Customer Content and Service Data Sweden Central (EU)
Microsoft Corporation Azure Blob Storage Storage of audio recordings (where enabled) Customer Content Sweden Central (EU)
Microsoft Corporation Azure Key Vault Secrets management Service secrets (not Customer Content) Sweden Central (EU)
Microsoft Corporation Azure GPU VM AI processing (in‑region) Customer Content Sweden Central (EU)
Microsoft Corporation Azure AI Foundry (EU Data Zone Standard) AI processing (in‑region) Customer Content Sweden Central (EU data zone)
Microsoft Corporation Azure Communication Services (Email) Transactional email delivery (account verification, password reset) Service Data (recipient email address, message metadata; no clinical content) Europe (EU)

Notes on Microsoft AI services

Cross‑border safeguards for non‑EU Customers

For Customers established outside the EU, processing of Customer Content in the EU cloud is treated as a cross‑border situation. The following safeguards apply by default: UK government adequacy / UK IDTA / UK Addendum to the EU SCCs (UK Customers); EU Standard Contractual Clauses and (where applicable through Microsoft's certification) the EU‑US Data Privacy Framework (US Customers); Microsoft Online Services DPA commitments and APP 8 / NZ IPP 12 contractual safeguards (AU / NZ Customers). See the region‑specific Privacy Addenda for full detail.


2. Customer‑controlled integrations (not sub‑processors)

The following are typically not sub‑processors because they are selected and controlled by the Customer, and they do not process Customer Content on Omi Health’s behalf:

These providers may receive limited user authentication data or exported content under the Customer’s own terms and policies.


3. Changes and objections

When we add or replace a sub‑processor that will process Customer Content or Service Data on our behalf, we will:

1. Update this page at least 30 days before the new sub‑processor begins processing data (unless legally required to do so sooner). (Note: the Dutch Healthcare Addendum extends this to 3 months for customers who have signed that addendum.)

2. Notify Customers who have subscribed to sub‑processor change notifications.

3. Where a DPA applies, allow Customers to object within the timeframe set out in the DPA.


4. Contact

Questions about sub‑processors: [email protected]