Trust
Subprocessors
Third parties we rely on to provide the service, and whether they may process PHI.
Last updated: June 2026
Draft — pending legal review. This page is a placeholder that reflects our intended practices. It is not yet a binding agreement; final language is subject to counsel review before any production use with protected health information.
We engage a small number of subprocessors to operate OrganAlert. Where a subprocessor may process protected health information, it is bound by a Business Associate Agreement and the safeguards described in our security overview. AI extraction reaches a model exclusively through AWS Bedrock, which is BAA-covered; we do not use a direct third-party model API for PHI, and PHI is not used to train models.
| Subprocessor | Purpose | Region | PHI |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure — compute, database, object storage | United States | BAA · may process PHI |
| AWS Bedrock + Anthropic (Claude) | AI extraction of structured donor data (via AWS Bedrock) | United States | BAA · may process PHI |
Changes
We will update this list before engaging a new subprocessor that processes PHI, and notify customers as required by their agreement. Questions: trust@organalert.com.