Subprocessor List
Every third party we engage to process Customer Content, what it does, where, and under what safeguards. Short list, on purpose: four vendors can touch your records, every one under a BAA with zero-retention, no-training terms.
A. Subprocessors of Customer Content
These entities can process the records, imaging, and outputs you upload, solely to provide the Services. Each is bound by a subcontractor BAA and terms no less protective than the DPA — including the no-training flow-down.
us-east-1 ·
us-west-2 (DR)
Plan scope. This table describes Self-Service and Test-a-File processing. Under AI Enablement, records and model inference run inside your AWS or Azure tenancy under your keys and your cloud provider's BAA — the model-inference rows above are not engaged. Under Enterprise On-Prem, no subprocessor receives Customer Content unless you explicitly enable it. Details: DPA Annex 3.
B. Business-operations processors — no access to Customer Content
These vendors support running the business — billing, email, site analytics. They never receive medical records, imaging, or any Customer Content; they process only the visitor, account, and billing data described in the Privacy Notice.
What every Customer-Content subprocessor signs
We remain fully liable to you for every subprocessor's performance, as if it were our own (DPA §7.3).
Change notifications & objection rights
We add or replace a subprocessor of Customer Content only after 30 days' advance notice — by email to your account contacts and to everyone subscribed here. You may object on reasonable data-protection grounds within 14 days to [email protected]; if we can't resolve the objection, you may terminate the affected Services with a pro-rata refund of prepaid, unused fees (DPA §7.2). Emergency replacements for security reasons are notified as they happen, with the same objection rights.
Used only for subprocessor notices. Unsubscribe any time.