Last updated: 05 September 2025
Next review: 05 December 2025
This page lists all sub-processors (third-party service providers) that Docyment Ltd engages to process personal data on behalf of our customers. We are committed to transparency and will notify customers of any changes to this list in accordance with our Data Processing Agreement.
Important: No patient data is ever used to train, develop, or improve AI models. All sub-processors are bound by strict contractual obligations to protect data security and privacy.
Infrastructure & Hosting
| Sub-processor | Location | Purpose | Data Categories |
|---|---|---|---|
| Vercel Inc. | USA | Website hosting, CDN, serverless functions | Website analytics, form submissions, user interactions |
| Supabase Inc. | USA | Database hosting, authentication, real-time data sync | User accounts, clinical data, application data, authentication logs |
AI & Processing Services
| Sub-processor | Location | Purpose | Data Categories |
|---|---|---|---|
| OpenRouter | USA | AI model routing and orchestration | Clinical notes, dictated text, generated content |
| OpenAI Inc. | USA | Natural language processing and text generation | Clinical notes, dictated text, generated content |
| Google LLC | USA | AI/ML services and natural language processing | Clinical notes, dictated text, generated content |
| Deepgram Inc. | USA | Speech-to-text transcription services | Voice recordings, audio files, transcribed text |
| AssemblyAI Inc. | USA | Speech-to-text transcription and audio intelligence | Voice recordings, audio files, transcribed text |
Payment Processing
| Sub-processor | Location | Purpose | Data Categories |
|---|---|---|---|
| Stripe Inc. | USA/Ireland | Payment processing, billing, subscription management | Billing information, payment methods, transaction data |
Communications & Email
| Sub-processor | Location | Purpose | Data Categories |
|---|---|---|---|
| Resend Inc. | USA | Transactional email delivery | Email addresses, user notifications, system alerts |
| Brevo (formerly Sendinblue) | France | Marketing email campaigns, newsletter management | Email addresses, marketing preferences, engagement data |
Data Protection Safeguards
International Transfers: All sub-processors located outside the UK/EEA are covered by appropriate safeguards including UK IDTA, EU Standard Contractual Clauses with UK Addendum, or adequacy decisions.
Contractual Protection: Each sub-processor is bound by written agreements that impose data protection obligations no less protective than those in our Data Processing Agreement with customers.
AI Model Training: We have specific contractual clauses with AI service providers ensuring that customer data is never used to train, develop, or improve AI models.
Regular Review: This list is reviewed quarterly and updated as needed. Customers will be notified of material changes with 30 days' notice as per our DPA.
Questions or Concerns
If you have questions about our sub-processors or wish to object to a new sub-processor, please contact us:
- Privacy Team: privacy@docyment.com
- General Support: support@docyment.com