Subprocessors

Aunica works with trusted third-party service providers ("subprocessors") to securely operate and support its platform. Each provider is evaluated for security and compliance before engagement, and where applicable, Aunica maintains the appropriate Data Processing Agreements (DPAs).

If you would like to receive notifications about updates to this list, please contact contact@aunicahealth.com.

Infrastructure & Hosting

GoogleLC - Google Cloud Platfo

Primary cloud infrastructure and backend services

Google Cloud Platform hosts Aunica's backend application, databases, file storage, analytics, and supporting cloud services required to operate the platform.

Service

Purpose

Cloud Run

Backend application hosting

Cloud SQL

Relational database

Cloud Storage

Secure file storage

Secret Manager

Encryption keys & credentials

BigQuery

Analytics

Cloud Logging & Monitoring

Monitoring & logging

Resources

Website: cloud.google.com

Data Processing Addendum: cloud.google.com/terms/data-processing-addendum

Security Documentation: cloud.google.com/security

Amazon Web Services (AWS)

Frontend hosting and web application security

AWS hosts Aunica's web application and provides content delivery and firewall services.

Service

Purpose

AWS Amplify

Frontend hosting

Amazon CloudFront

Content delivery

AWS WAF

Web application firewall

Resources

Website: aws.amazon.com

Privacy & DPA: aws.amazon.com/compliance/data-privacy-faq

Security: aws.amazon.com/security

Communications

Google LLC - Firebase Cloud Messaging

Push notifications

Firebase Cloud Messaging delivers push notifications to staff members and program participants across mobile and web applications. Only device registration tokens and non-sensitive notification content are shared.

Data Shared

  • Device push tokens

  • Notification title

  • Notification body

Resources

Website: firebase.google.com

Privacy Policy: firebase.google.com/support/privacy

Mailgun

Transactional email delivery

Mailgun delivers account invitations, password resets, and other transactional emails. Email addresses and message content are processed only as required to deliver these communications.

Data Shared

  • Recipient email address

  • Transactional email content

Resources

Website: mailgun.com

Privacy Policy: ailgun.com/privacy-policy

Securit: mailgun.com/security

Rewards

Tremendous

Reward fulfillment

Tremendous is used to distribute gift cards and financial incentives to eligible program participants. Only the minimum information required to issue rewards is shared. Clinical information is never transmitted.

Data Shared: Recipient first name, last name, and email address. No clinical records, diagnoses, or other PHI are transmitted to Tremendous.

Resources

Website: tremendous.com

Privacy Policy: tremendous.com/privacy

Security: tremendous.com/security

Additional Information

  • Redis is operated within Google Cloud Platform and is not considered a separate subprocessor.

  • All Protected Health Information (PHI) is encrypted at rest using AES-256 and encrypted in transit using TLS 1.2 or higher.