Sub-processor List & Data Privacy

Contrast Security, Inc. (“Contrast”) uses sub-processors to help in the delivery of products and to provide related support services to our customers. A sub-processor is a third-party vendor or service provider hired by Contrast to help perform specific tasks that involve handling personal customer data.

To ensure that we remain transparent to our customers and to comply with applicable law such as the General Data Protection Regulation (“GDPR”), we maintain an up-to-date list of the entities, functions, and locations of these sub-processors as referenced below. For any questions, please email privacy@contrastsecurity.com.

Contrast performs rigorous assessments on the information security and data protection practices of its sub-processors and requires each to commit to written obligations regarding their security measures and to demonstrate compliance with applicable personal data protection laws and regulations and other policies. To be notified whenever our Sub-processor listing is updated, please subscribe to our Trust Center Updates.

Sub-processor	Product	Contact details of sub-processor and data privacy officer	Processing location of data	Processing operations of sub-processor	Contrast service
Amazon.com, Inc.	Amazon Web Services (“AWS”)	410 Terry Avenue N Seattle, WA 98109 USA DPO: Amazon compliance support	Customers in the U.S. us-east-1 (Virginia USA) - primary us-west-2 (Oregon, USA) - primary us-east-2 (Ohio USA) - failover Data of US customers does not leave US Customers in the U.K. and E.U. eu-west-2 (London, UK) - primary eu-west-1 (Ireland) - failover eu-west-3 (Paris, France)- failover eu-central-1 (Frankfurt, Germany) - primary EU customers Data of EU customers does not leave EU* Customers in Japan ap-northeast-1 (Tokyo, Japan)- primary ap-northeast-3 (Osaka, Japan) - failover Data of customers in Japan does not leave Japan	Cloud hosting provider Backups of customer data	SaaS
Atlassian, Inc.	Jira Confluence	350 Bush Street Floor 13 San Francisco, CA 94194 USA DPO: dataprotection@atlassian.com	United States. Privileged users could potentially process from any of these locations: Bulgaria, Canada, Germany, Japan, Mexico, New Zealand, UK	Bug tracking Project management	SaaS On Premise
Anthropic PBC	Claude AI	548 Market Street PMB 90375 San Francisco, CA 94104 USA privacy@anthropic.com	United States	Code fix recommendations	SaaS
DarkTrace, Ltd.	Cybersecurity platform	555 Mission Street Suite 3225 San Francisco, CA 94105 USA DPO: privacy@darktrace.com	Headquartered in Cambridge, England and San Francisco, California, United States	Email security	SaaS On Premise
Datadog, Inc.	Datadog platform	620 8th Ave 45th Floor New York, NY 10018 USA DPO: gdpr@datadoghq.com privacy@datadoghq.com	United States European Union Japan	Log aggregation Alerting and security anomaly detection Confidential data captured in vulnerabilities or attack trace data Admin user information	SaaS
Gong.io, Inc.	Gong	201 Spear St 13th Floor San Francisco, CA 94105 USA privacy@gong.io	United States	Revenue intelligence platform	SaaS On Premise
Google, Inc.	Workspace Gemini Enterprise	1600 Amphitheatre Pkwy Mountain View, CA 94043 USA DPO: Google Privacy form	United States	Email File storage Collaboration Hosting Platform services	SaaS On Premise
LinearB, Inc.		29 Colorado Ave Santa Monica, CA 90401 USA DPO: privacy@linearb.io	United States	Bug tracking and metrics	SaaS On Premise
OpenAI, Inc.	ChatGPT	3180 18th St San Francisco, CA 94110 USA privacy@openai.com	United States	Content creation	SaaS On Premise
Salesforce, Inc.	Slack Technologies Tableau	415 Mission St San Francisco, CA 94105 USA privacy@salesforce.com	United States	Customer support communication and collaboration	SaaS On Premise
Snowflake, Inc.	Platform Cortex AI	106 East Babcock St Suite 3A Bozeman, MT 59715 USA privacy@snowflake.com	United States	Data warehouse	SaaS
Wiz, Inc.	Cloud security platform	One Manhattan West 57th Floor New York, NY 10001 USA DPO: privacy@wiz.io	United States	Infrastructure monitoring Vulnerability management Threat intelligence Compliance reporting Vulnerability data related to the SaaS environment	SaaS
Zendesk, Inc.	Customer service platform	999 Market St San Francisco, CA 94103 USA DPO: privacy@zendesk.com euprivacy@zendesk.com Attn: Privacy Team and DPO	United States Customer success employees with privileged access could potentially access from any of these locations: Canada, Japan, UK	Customer Relationship Management (“CRM”)	SaaS On Premise
Zoom Communications, Inc.	Zoom Workplace	55 Almaden Blvd Suite 600 San Jose, CA 95113 USA DPO: privacy@zoom.us Attn: Data Protection Officer	United States	Calling Conferencing Communication	SaaS On Premise

Professional services
Sub-processor	Product	Contact details of sub-processor and data privacy officer	Processing location of data	Processing operations of sub-processor	Contrast service
iWAconsolti	N/A	Prolongation of Oriente 6 #996 B Col. Centro. Orizaba Veracruz, MX CP 94300 DPO: Gerardo Arellano bolsadetrabajo@iwa.com.mx	Mexico	Engineering R&D support	SaaS On Premise
NLS Systems, Ltd.	N/A	147 Pinehaven Road Pinehaven, Upper Hutt, 5019 New Zealand info@nls.systems	New Zealand	Engineering R&D support	SaaS On Premise

^{*unless otherwise specified in customer contract/agreement}

Sub-processor list

As of February 2026