Sub-processors are categorized by the function they perform. For each entry we publish: name, function, processing location, and whether they are engaged in all deployments or only on customer election. Customer-deployed instances on customer-controlled infrastructure use only those sub-processors required for the operator function — never the full list.
For sovereign and on-premise deployments, the applicable sub-processor list is narrower and is recorded in the order form. The list below covers the maximum scope.
| Hyperscale cloud (regional) | Infrastructure-as-a-service for managed-cloud and SaaS-tier deployments. Engaged only where the customer has elected a hyperscaler deployment. Region pinned per contract (UAE / EU / India / customer-elected). |
| Sovereign cloud providers | Regional sovereign-cloud operators in markets where they are available. Engaged only on customer election. Specific operator named in the order form. |
| Customer-controlled infrastructure | Not a sub-processor. For on-premise and customer-cloud deployments, the customer is the operator of the underlying infrastructure. |
| Monitoring & observability | Telemetry, metrics, and structured logs from operated environments. Configured to exclude personal-data payloads from logs by default. Processing in regional facility per contract. |
| Backup & recovery | Managed backup and recovery for SaaS-tier deployments. Encryption at rest under customer-elected key custody. Region pinned per contract. |
| Email & notifications | Transactional email and SMS where the platform sends citizen-facing or operator-facing notifications. Customer can elect to substitute with their own provider. |
| National identity providers | Where the platform integrates with a national ID system (UAE Pass, eID, equivalent), the identity provider is operated by the relevant government authority and is not a sub-processor of Emeron. Configuration recorded in the deployment runbook. |
| Payment switches & PSPs | Where the platform integrates with payment switches or PSPs for citizen-facing services, those providers are typically engaged by the customer directly. Where Emeron engages them on the customer's behalf, they are added to the customer-specific sub-processor list in the order form. |
| Productivity & collaboration | Internal email, document collaboration, and communications. Used by Emeron staff in the conduct of customer engagement and support. Does not hold platform-resident personal data in normal operation. |
| Ticketing & support | Customer-success and support ticketing. Configured so support tickets do not include platform-resident personal data unless strictly necessary and redacted. |
| Identity provider for staff | Workforce identity, SSO, and MFA for Emeron personnel accessing customer environments under contractual operator rights. |
Existing customers receive sub-processor change notifications by email at least 30 days before a change takes effect, in addition to the change being posted here. To subscribe, or to confirm the right point of contact in your organization, write to privacy@emeron.io.
If you object to a proposed sub-processor change for legitimate data-protection reasons, the contractual change-control procedure in your master services agreement applies, including the right to terminate the affected portion of the service if a workable accommodation cannot be reached.
Sub-processor changes are notified in writing, in advance, with documented contractual recourse.