Bounded Health — Authorized Subprocessors
Version: v1.0 | Effective: February 7, 2026 | Last reviewed: February 7, 2026
Overview
This document lists the third-party subprocessors that Bounded Health, Inc. ("Bounded Health") engages to support the delivery of its enterprise services. Each subprocessor operates under contractual data protection obligations that are consistent with the commitments in our Data Processing Addendum.
We maintain this list as a transparency measure for customers and their procurement teams. Material changes to the subprocessor list are communicated to affected customers through established contract and procurement channels.
Current Subprocessors
| Subprocessor | Location | Processing Purpose | Data Categories Accessed |
|---|---|---|---|
| Render | United States | Application hosting and infrastructure operations | Account data, service metadata, encrypted application data |
| Neon | United States | Managed PostgreSQL database hosting | Account data, structured service data, encrypted health-related datasets |
| Redis (Managed) | United States | Message queue and cache operations | Operational metadata, transient job state (short-lived) |
| Anthropic | United States | Model inference processing for approved AI workloads | Prompted analytics inputs and generated outputs (no raw PHI) |
| Clerk | United States | Authentication, identity management, and session handling | Account identity data, session metadata, SSO federation tokens |
How We Select and Manage Subprocessors
Bounded Health evaluates each subprocessor against the following criteria before engagement:
-
Security posture. The subprocessor must demonstrate appropriate technical and organizational safeguards for the categories of data it will process. We review available certifications, audit reports, and security documentation.
-
Contractual protections. Every subprocessor agreement includes data protection terms that flow down the obligations from our customer agreements, including incident notification, confidentiality, and data return or deletion requirements.
-
Scope limitation. Each subprocessor is authorized to process only the specific data categories and for the specific purposes listed in the table above. Access beyond that scope is not permitted.
-
Ongoing review. We periodically reassess subprocessor relationships to ensure continued alignment with our customers' data protection expectations and evolving regulatory requirements.
Notification of Changes
When we plan to add or replace a subprocessor in a way that materially changes the processing described in this document, we notify affected customers in advance through their designated contract or procurement contacts. Customers who have concerns about a proposed change may raise them within the notice period described in their Data Processing Addendum.
Contact
For questions about our subprocessor practices, please contact: security@boundedhealth.com