Subprocessors
Aunica works with trusted third-party service providers ("subprocessors") to securely operate and support its platform. Each provider is evaluated for security and compliance before engagement, and where applicable, Aunica maintains the appropriate Data Processing Agreements (DPAs).
If you would like to receive notifications about updates to this list, please contact contact@aunicahealth.com.
Infrastructure & Hosting
GoogleLC - Google Cloud Platfo
Primary cloud infrastructure and backend services
Google Cloud Platform hosts Aunica's backend application, databases, file storage, analytics, and supporting cloud services required to operate the platform.
Service | Purpose |
Cloud Run | Backend application hosting |
Cloud SQL | Relational database |
Cloud Storage | Secure file storage |
Secret Manager | Encryption keys & credentials |
BigQuery | Analytics |
Cloud Logging & Monitoring | Monitoring & logging |
Resources
Website: cloud.google.com
Data Processing Addendum: cloud.google.com/terms/data-processing-addendum
Security Documentation: cloud.google.com/security
Amazon Web Services (AWS)
Frontend hosting and web application security
AWS hosts Aunica's web application and provides content delivery and firewall services.
Service | Purpose |
AWS Amplify | Frontend hosting |
Amazon CloudFront | Content delivery |
AWS WAF | Web application firewall |
Resources
Website: aws.amazon.com
Privacy & DPA: aws.amazon.com/compliance/data-privacy-faq
Security: aws.amazon.com/security
Communications
Google LLC - Firebase Cloud Messaging
Push notifications
Firebase Cloud Messaging delivers push notifications to staff members and program participants across mobile and web applications. Only device registration tokens and non-sensitive notification content are shared.
Data Shared
Device push tokens
Notification title
Notification body
Resources
Website: firebase.google.com
Privacy Policy: firebase.google.com/support/privacy
Mailgun
Transactional email delivery
Mailgun delivers account invitations, password resets, and other transactional emails. Email addresses and message content are processed only as required to deliver these communications.
Data Shared
Recipient email address
Transactional email content
Resources
Website: mailgun.com
Privacy Policy: ailgun.com/privacy-policy
Securit: mailgun.com/security
Rewards
Tremendous
Reward fulfillment
Tremendous is used to distribute gift cards and financial incentives to eligible program participants. Only the minimum information required to issue rewards is shared. Clinical information is never transmitted.
Data Shared: Recipient first name, last name, and email address. No clinical records, diagnoses, or other PHI are transmitted to Tremendous.
Resources
Website: tremendous.com
Privacy Policy: tremendous.com/privacy
Security: tremendous.com/security
Additional Information
Redis is operated within Google Cloud Platform and is not considered a separate subprocessor.
All Protected Health Information (PHI) is encrypted at rest using AES-256 and encrypted in transit using TLS 1.2 or higher.