Data Subprocessor List
Last Updated: April 28, 2026
A subprocessor is any third-party company that Carelytics Inc. engages to process Customer Data — including Protected Health Information (PHI) — in connection with delivering the Carelytics platform. As a HIPAA Business Associate, Carelytics ensures that all subprocessors with access to PHI have signed a Business Associate Agreement (BAA) or equivalent data protection agreement and maintain appropriate safeguards.
This list is maintained in accordance with our Privacy Policy and Terms of Service. We will notify Customer administrators at least 30 days in advance of adding or replacing a subprocessor that processes PHI. Notifications are sent to the agency administrator email on file and posted to this page.
Core Infrastructure
| Provider | Service | Purpose / Data Processed | Data Location | PHI Access | HIPAA Agreement |
|---|---|---|---|---|---|
| Microsoft Azure | Cloud Hosting — Azure Container Apps | Application server infrastructure, container orchestration, runtime environment. Hosts all application code and services. | United States | Indirect | BAA Signed |
| Microsoft Azure | Azure Database for PostgreSQL | Primary relational database. Stores all application data including PHI: patient demographics, clinical notes, OASIS assessments, billing records, payroll, EVV records. Encrypted at rest (AES-256) and in transit (TLS 1.2+). | United States | Direct (PHI) | BAA Signed |
| Microsoft Azure | Azure Blob Storage | Object/file storage for uploaded documents, clinical export files (OASIS XML, CMS exports), digital signatures, and static assets. Files are encrypted at rest. | United States | Direct (PHI) | BAA Signed |
| Microsoft Azure | Azure Container Registry | Container image storage and deployment pipeline. Stores application Docker images. Does not process PHI directly. | United States | None | BAA Signed |
| Microsoft Azure | Azure Cache for Redis | Session caching, task queuing (Celery broker), and rate limiting. May hold short-lived session tokens. Encrypted in transit; memory is not persisted to disk. | United States | Indirect | BAA Signed |
Communications
| Provider | Service | Purpose / Data Processed | Data Location | PHI Access | HIPAA Agreement |
|---|---|---|---|---|---|
| Microsoft Azure | Azure Communication Services | Transactional email delivery for system notifications: account invitations, password resets, security alerts, and subscription notices. Email content is limited to non-PHI administrative messages. | United States | None | BAA Signed |
Monitoring and Security
| Provider | Service | Purpose / Data Processed | Data Location | PHI Access | HIPAA Agreement |
|---|---|---|---|---|---|
| Sentry | Application Error Monitoring | Real-time application error tracking and session replay for debugging. PHI is actively scrubbed before transmission — request bodies on all clinical URLs (/clinical/, /clients/, /scheduling/, /evv/, /billing/) are redacted. User data is stripped to ID and role only. Cookies and auth headers are never transmitted. | United States | Scrubbed | BAA Signed |
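The redaction described in the Sentry row (request bodies dropped on clinical routes, user context reduced to ID and role, cookies and credential headers never sent) is the kind of filtering that is typically implemented in a Sentry `before_send` hook. The following is an added illustration written for this page, not Carelytics' own code: it assumes the Sentry event layout (`request.url`, `request.data`, `request.headers`, `request.cookies`, `user`), uses the URL prefixes named above, and treats the `role` key in the user context and the `SENSITIVE_HEADERS` set as assumptions. The sample event is constructed for the example.

```python
"""Sentry-style before_send hook that strips PHI from error events.

Added example for illustration; not Carelytics' implementation. Assumes
the Sentry SDK event dictionary layout. CLINICAL_PREFIXES come from the
page; SENSITIVE_HEADERS and the "role" user field are assumptions.
"""
from copy import deepcopy
from urllib.parse import urlsplit

# Path prefixes whose request bodies may carry PHI (listed on the page).
CLINICAL_PREFIXES = ("/clinical/", "/clients/", "/scheduling/", "/evv/", "/billing/")

# Headers that carry credentials or session material; dropped on every route.
SENSITIVE_HEADERS = {
    "authorization", "proxy-authorization", "cookie", "set-cookie", "x-csrftoken",
}

# Only these user-context keys survive; email, username, ip_address etc. are dropped.
ALLOWED_USER_KEYS = ("id", "role")

REDACTED = "[Filtered]"


def _is_clinical_path(url):
    """True when the request path starts with one of the clinical prefixes."""
    path = urlsplit(url or "").path
    return path.startswith(CLINICAL_PREFIXES)


def scrub_event(event, hint=None):
    """before_send hook: return a scrubbed copy of the event.

    Works on a deep copy so the SDK's own object is never mutated, and never
    returns None, so every error still reaches Sentry, just without PHI.
    """
    event = deepcopy(event)
    request = event.get("request")
    if request:
        # Cookies and credential headers are never transmitted, on any route.
        request.pop("cookies", None)
        headers = request.get("headers") or {}
        request["headers"] = {
            k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS
        }
        # Bodies and query strings on clinical routes are redacted wholesale
        # rather than field-by-field, so a new PHI field cannot slip through.
        if _is_clinical_path(request.get("url")):
            if "data" in request:
                request["data"] = REDACTED
            if request.get("query_string"):
                request["query_string"] = REDACTED
    user = event.get("user")
    if user:
        event["user"] = {k: user[k] for k in ALLOWED_USER_KEYS if k in user}
    return event


# Constructed sample event (not a real capture) with PHI-bearing fields.
SAMPLE_EVENT = {
    "request": {
        "url": "https://app.example.test/clinical/visits/42/note",
        "method": "POST",
        "query_string": "patient=42",
        "headers": {
            "Authorization": "Bearer eyJhbGciOi...",
            "Content-Type": "application/json",
            "User-Agent": "Mozilla/5.0",
        },
        "cookies": {"sessionid": "abc123"},
        "data": {"patient_name": "Jane Doe", "note": "Wound assessment ..."},
    },
    "user": {
        "id": "u-123",
        "email": "jane.doe@example.test",
        "ip_address": "203.0.113.7",
        "role": "clinician",
    },
}


if __name__ == "__main__":
    import json
    print(json.dumps(scrub_event(SAMPLE_EVENT), indent=2))
```

In a real deployment the hook is registered with `sentry_sdk.init(before_send=scrub_event, send_default_pii=False)`. Note that `before_send` only covers error events; session replay recordings, which the row above also mentions, are a separate browser-side stream whose masking has to be configured in the browser SDK, so the two controls need to be verified independently.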
AI Services
| Provider | Service | Purpose / Data Processed | Data Location | PHI Access | HIPAA Agreement |
|---|---|---|---|---|---|
| Configurable per agency | AI Language Model (SOAP notes, care plans) | Used to generate SOAP note drafts, Plan of Care narratives, and pre-sign QA checks from structured clinical data. Each agency configures its own AI API key in Agency Settings. Before enabling AI features on PHI, the agency is responsible for confirming that its chosen AI provider has signed a BAA with the agency (or with Carelytics). AI features are disabled by default and remain off until an API key is configured. | Varies by provider | When enabled | Agency-managed |
Subprocessor Change Notification
Carelytics will notify Customer administrators at least 30 days before adding a new subprocessor that will process PHI, or replacing an existing PHI subprocessor with a different provider. Notifications are sent to the agency administrator's email address on file.
Customers who have concerns about a proposed subprocessor change may contact hi@carelytic.ai within the notice period. If a Customer reasonably objects to a new subprocessor on HIPAA compliance grounds and Carelytics cannot accommodate the objection, the Customer may terminate their subscription for cause as described in the Terms of Service.
This page is updated each time the subprocessor list changes. The "Last Updated" date at the top of this page reflects the most recent revision.
Questions about our subprocessors?
Contact hi@carelytic.ai