Subprocessors

Subprocessor register.

This register is the public review surface for vendors used to deliver ChiroVault. Data categories and agreement status must be confirmed during legal review before production PHI processing.

VendorPurposeData categoriesRegionStatus
CloudflareEdge delivery, security, WorkersRequest metadata, app trafficGlobal / EU controls availableDPA required
VercelPublic website and frontend hostingPublic site traffic, build metadataEU/US infrastructureDPA required
Supabase / PostgresDatabase and authentication services where enabledClinic data, operational recordsEU region targetDPA required
AWS SESTransactional emailEmail addresses, message metadata, transactional contentRegion configured per deploymentDPA required
OpenAI / Google GeminiOptional AI assistanceMinimized/scrubbed prompts unless explicitly approvedProvider-dependentDPA; PHI routing requires legal review
Stripe / MollieBilling and paymentsBilling contact, payment metadataEU/US provider infrastructureDPA required

Final vendor scope may vary by tenant configuration. Request the signed subprocessor exhibit at legal@chirovault.ai.