Omi Scribe Cloud — Sub‑processors
Version: 1.5
Last updated: 11 May 2026
Provider: Omi Health B.V., Eindhoven, Netherlands
Contact: [email protected]
This page lists the sub‑processors used by Omi Health B.V. to provide Omi Scribe Cloud (Managed).
We will update this page when sub‑processors are added or changed. Customers with a DPA may subscribe to change notifications by emailing [email protected].
> Note: This list is for the managed cloud product. For customer‑managed / self‑hosted deployments, the Customer selects and controls its own infrastructure and providers.
The Service is deployed in three regional clouds: EU (Azure Sweden Central) — live; Australia (Azure Australia East — serves ANZ) — rolling out; and US (Azure Central US) — rolling out. The Customer selects the region at order time. Each regional cloud is an isolated deployment; Customer Content is stored in the region the Customer selects and is not pooled across regions or across customers.
1. Current sub‑processors
1.1 EU region (Azure Sweden Central) — live
| Sub‑processor (legal entity) | Service | Purpose | Data processed | Location / region |
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Azure (compute, networking) | Hosting and operation of the Service | Customer Content and Service Data | Sweden Central (EU) |
| Microsoft Corporation | Azure Database for PostgreSQL | Primary database for sessions, transcripts, notes, audit logs, and usage | Customer Content and Service Data | Sweden Central (EU) |
| Microsoft Corporation | Azure Blob Storage | Storage of audio recordings (where enabled) | Customer Content | Sweden Central (EU) |
| Microsoft Corporation | Azure Key Vault | Secrets management | Service secrets (not Customer Content) | Sweden Central (EU) |
| Microsoft Corporation | Azure GPU VM | AI processing (in-region) | Customer Content | Sweden Central (EU) |
| Microsoft Corporation | Azure AI Foundry (EU Data Zone Standard) | AI processing (in-region) | Customer Content | Sweden Central (EU data zone) |
| Microsoft Corporation | Azure Communication Services (Email) | Transactional email delivery (account verification, password reset) | Service Data (recipient email address, message metadata; no clinical content) | Europe (EU) |
Each region uses dedicated GPU VMs and Azure AI Foundry for AI processing. All AI processing stays within the Customer's region.
1.2 Australia region (Azure Australia East) — serves AU + NZ — rolling out
| Sub‑processor (legal entity) | Service | Purpose | Data processed | Location / region |
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Azure (compute, networking) | Hosting and operation of the Service | Customer Content and Service Data | Australia East |
| Microsoft Corporation | Azure Database for PostgreSQL | Primary database | Customer Content and Service Data | Australia East |
| Microsoft Corporation | Azure Blob Storage | Storage of audio recordings (where enabled) | Customer Content | Australia East |
| Microsoft Corporation | Azure Key Vault | Secrets management | Service secrets (not Customer Content) | Australia East |
| Microsoft Corporation | Azure GPU VM | AI processing (in-region) | Customer Content | Australia East |
| Microsoft Corporation | Azure AI Foundry | AI processing (in-region) | Customer Content | Australia East |
| Microsoft Corporation | Azure Communication Services (Email) | Transactional email delivery | Service Data | Australia |
1.3 US region (Azure Central US) — rolling out
| Sub‑processor (legal entity) | Service | Purpose | Data processed | Location / region |
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Azure (compute, networking) | Hosting and operation of the Service | Customer Content and Service Data | Central US |
| Microsoft Corporation | Azure Database for PostgreSQL | Primary database | Customer Content and Service Data | Central US |
| Microsoft Corporation | Azure Blob Storage | Storage of audio recordings (where enabled) | Customer Content | Central US |
| Microsoft Corporation | Azure Key Vault | Secrets management | Service secrets (not Customer Content) | Central US |
| Microsoft Corporation | Azure GPU VM | AI processing (in-region) | Customer Content | Central US |
| Microsoft Corporation | Azure AI Foundry (US Data Zone Standard) | AI processing (in-region) | Customer Content | Central US (US data zone) |
| Microsoft Corporation | Azure Communication Services (Email) | Transactional email delivery | Service Data | United States |
Notes on Microsoft AI services
- Azure AI Foundry operates under Microsoft enterprise data protection terms (https://aka.ms/DPA) and does not use customer data for model training.
- The “Data Zone Standard” deployment type keeps AI processing within the Customer’s region.
UK customers
Today, UK customers are served by the EU region (Azure Sweden Central). A UK‑resident option is on the roadmap. Where Customer Content is transferred from the UK to the EEA, transfers rely on the UK government’s adequacy decision for the EEA; where adequacy is unavailable, the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs is used.
2. Customer‑controlled integrations (not sub‑processors)
The following are typically not sub‑processors because they are selected and controlled by the Customer, and they do not process Customer Content on Omi Health’s behalf:
- Identity providers (SSO) configured by the Customer (e.g., Microsoft Entra ID / Azure AD, Google Workspace / Google Identity)
- The Customer’s EHR/EMR, storage, or internal systems connected via integration/export
- Customer-provided model endpoints (if the Customer configures the Service to call them)
These providers may receive limited user authentication data or exported content under the Customer’s own terms and policies.
3. Changes and objections
When we add or replace a sub‑processor that will process Customer Content or Service Data on our behalf, we will:
1. Update this page at least 30 days before the new sub‑processor begins processing data (unless legally required to do so sooner). (Note: the Dutch Healthcare Addendum extends this to 3 months for customers who have signed that addendum.)
2. Notify Customers who have subscribed to sub‑processor change notifications.
3. Where a DPA applies, allow Customers to object within the timeframe set out in the DPA.
4. Contact
Questions about sub‑processors: [email protected]