Omi Scribe Cloud — Sub‑processors
Version: 1.4
Last updated: 11 March 2026
Provider: Omi Health B.V., Eindhoven, Netherlands
Contact: [email protected]
This page lists the sub‑processors used by Omi Health B.V. to provide Omi Scribe Cloud (Managed).
We will update this page when sub‑processors are added or changed. Customers with a DPA may subscribe to change notifications by emailing [email protected].
> Note: This list is for the managed cloud product. For customer‑managed / self‑hosted deployments, the Customer selects and controls its own infrastructure and providers.
1. Current sub‑processors
| Sub‑processor (legal entity) | Service | Purpose | Data processed | Location / region |
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Azure (compute, networking) | Hosting and operation of the Service | Customer Content and Service Data | Sweden Central (EU) |
| Microsoft Corporation | Azure Database for PostgreSQL | Primary database for sessions, transcripts, notes, audit logs, and usage | Customer Content and Service Data | Sweden Central (EU) |
| Microsoft Corporation | Azure Blob Storage | Storage of audio recordings (where enabled) | Customer Content | Sweden Central (EU) |
| Microsoft Corporation | Azure Key Vault | Secrets management | Service secrets (not Customer Content) | Sweden Central (EU) |
| Microsoft Corporation | Azure AI Foundry (Data Zone Standard) | Speech-to-text, diarisation, and language model inference | Customer Content (audio for STT; transcripts/prompts for LLM) | Sweden Central (EU data zone) |
| Microsoft Corporation | Azure Communication Services (Email) | Transactional email delivery (account verification, password reset) | Service Data (recipient email address, message metadata; no clinical content) | Europe (EU) |
Notes on Microsoft AI services
- Where Azure AI Foundry is used, it operates under Microsoft enterprise data protection terms (https://aka.ms/DPA) and does not use customer data for model training.
- The “Data Zone Standard” deployment type is used for EU processing to keep model processing within the EU data zone.
2. Customer‑controlled integrations (not sub‑processors)
The following are typically not sub‑processors because they are selected and controlled by the Customer, and they do not process Customer Content on Omi Health’s behalf:
- Identity providers (SSO) configured by the Customer (e.g., Microsoft Entra ID / Azure AD, Google Workspace / Google Identity)
- The Customer’s EHR/EMR, storage, or internal systems connected via integration/export
- Customer-provided model endpoints (if the Customer configures the Service to call them)
These providers may receive limited user authentication data or exported content under the Customer’s own terms and policies.
3. Changes and objections
When we add or replace a sub‑processor that will process Customer Content or Service Data on our behalf, we will:
1. Update this page at least 30 days before the new sub‑processor begins processing data (unless legally required to do so sooner).
2. Notify Customers who have subscribed to sub‑processor change notifications.
3. Where a DPA applies, allow Customers to object within the timeframe set out in the DPA.
4. Contact
Questions about sub‑processors: [email protected]