This page is updated whenever we add, remove, or change a subprocessor. Our BAA requires 30 days’ advance notice before any new subprocessor begins processing customer data.
Infrastructure subprocessors
These providers host the Denialbase platform itself. All customer data lives inside GCP regions we control, encrypted with customer-managed keys (CMEK).
| Subprocessor | Role | Region | PHI? | BAA |
|---|---|---|---|---|
| Google Cloud Platform — Cloud SQL | Primary PostgreSQL database | us-central1 | Yes (encrypted) | In progress — Q3 2026 |
| Google Cloud Platform — Cloud Run | Application runtime | us-central1 | Yes (in-memory during request) | In progress — Q3 2026 |
| Google Cloud Platform — Cloud Storage | Document storage (EOBs, appeal letters) | us-central1 (CMEK) | Yes (encrypted, virus-scanned) | In progress — Q3 2026 |
| Google Cloud Platform — Memorystore | Redis (caching, rate limits, 2FA tokens) | us-central1 | No PHI — session IDs only | In progress — Q3 2026 |
| Google Cloud Platform — Secret Manager | Application secrets (JWT keys, AR encryption keys) | us-central1 | No | In progress — Q3 2026 |
| Google Cloud Platform — Artifact Registry | Container images | us-central1 | No | In progress — Q3 2026 |
Operational subprocessors
| Subprocessor | Role | PHI exposure | BAA |
|---|---|---|---|
| Anthropic | LLM inference (Claude) for denial detection, strategy recommendation, and appeal draft generation | PHI-scrubbed prompts only — no raw PHI sent | In progress — Q3 2026 |
| Sentry | Error and exception monitoring | PII scrubbing rules drop known PHI fields before ingestion | In progress — Q3 2026 |
| Amazon SES | Transactional email (magic links, notifications) | No PHI in email bodies — subject lines and content reference only metadata | In progress — Q3 2026 |
| DocuSeal | Customer-facing e-signature for appeal submissions | Customer-executed; PHI rendered in browser via signed URLs | Not required (customer-controlled) |
| GitHub | Source code hosting, CI/CD | No customer data — code only | Not required |
Commercial / support subprocessors
| Subprocessor | Role | PHI exposure | Notes |
|---|---|---|---|
| Stripe | Payment processing (planned, Q3 2026) | No PHI — billing metadata only | BAA not required; card data tokenized by Stripe |
| Cloudflare | DNS for denialbase.com | No | — |
Data residency
All customer PHI processed by Denialbase is stored in the United States (us-central1). We do not replicate to secondary regions without explicit customer opt-in.
How we evaluate subprocessors
Risk assessment
We score each vendor on security posture (SOC 2 / ISO 27001 status, data handling, encryption), HIPAA willingness (BAA availability), data residency, and business continuity.
BAA execution
For any subprocessor that may touch PHI, we require a signed BAA before PHI flows to them.
Annual review
Each subprocessor is reviewed annually. Changes are notified to customers per the BAA’s notice clause.
Changelog
| Date | Change |
|---|---|
| 2026-04 | Initial published subprocessor list |