Last updated: May 2026
ChronoMedAI engages a limited set of third-party service providers ("sub-processors") to operate our platform. The table below lists each sub-processor, what it is used for, and whether it may process Protected Health Information (PHI).
| Sub-processor | Purpose | Processes PHI? | Safeguard |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure: document storage, databases, compute, AI analysis (AWS Bedrock), authentication, email delivery, and logging | Yes | AWS Business Associate Addendum executed; all PHI remains within AWS (us-east-1) |
| Stripe, Inc. | Billing and payment processing | No — billing and payment data only; no PHI | PCI-DSS Level 1 service provider |
| GitHub, Inc. | Source-code hosting and CI/CD deployment pipeline | No — application and infrastructure code only | No customer data in the pipeline |
| Squarespace Domains LLC | Domain registration and DNS for chronomedai.com | No — DNS records only | N/A |
All AI analysis of medical records is performed within AWS using AWS Bedrock and is covered by the AWS Business Associate Addendum. Customer data is not used to train AI models. ChronoMedAI does not send PHI to any AI provider outside the AWS boundary.
We update this list as our sub-processors change.
If you have questions about our sub-processors or data practices, please contact us at: