Subprocessors
This page identifies the third-party processors Aduvera currently uses to host, secure, authenticate, and operate the service.
Last updated March 13, 2026 | 4 active entries
Current subprocessor list
| Vendor | Service | Purpose | Data types | Location | Notes |
|---|---|---|---|---|---|
| Google LLC | Google Cloud Run, Cloud SQL for PostgreSQL, Cloud Storage | Application hosting, authenticated API delivery, consultation persistence, and temporary audio object storage. | Account identifiers, consultation titles, patient names, manual notes, transcripts, generated notes, summaries, citation data, and temporary audio uploads. | United States. Aduvera is currently configured for Google Cloud regions/endpoints in the United States, with certain transcription retries able to use a Google-managed global endpoint. | Covered by Google's Cloud Data Processing Addendum, with Google Cloud HIPAA BAA now in place. Aduvera should continue confirming covered-service scope for every PHI-touching service in use. |
| Google LLC | Vertex AI Gemini and Vertex embeddings | Transcription, note generation, patient-summary generation, pre-visit preparation, light patient-name extraction, and transcript citation retrieval. | Temporary audio, transcript text, clinician-entered prompts and notes, patient names, generated outputs, and note-citation query text. | United States by default (`us-central1`), with a documented fallback to Google-managed `global` endpoint for some transcription retry cases. | Aduvera uses Google's managed models through Vertex AI. Aduvera does not use customer data to train its own models. Google documents that customer data sent to Vertex AI is not used to train or fine-tune foundation models without customer permission or instruction. |
| Google LLC | Firebase Authentication / Google Cloud Identity Platform | User authentication, session establishment, and sign-in support for Google and email magic-link workflows. | User email address, auth identifiers, display name, profile photo URL, auth event metadata, and session-related technical data. | United States and other Google-operated regions used to provide the authentication service. | This service is used for account access control. Aduvera should keep confirming current covered-service status for HIPAA-governed customer workflows. |
| Google LLC | Cloud Logging and Cloud Monitoring | Operational logging, request tracing, rate-limit visibility, and incident-response support. | Request IDs, action metadata, status codes, hashed IP values in audit events, and limited operational telemetry. Aduvera is designed not to place PHI payloads in application audit logs. | United States under Aduvera's Google Cloud deployment. | Logging retention and access are managed under Aduvera's security and retention policies. |
Notes
- This page lists third-party service providers that process customer personal data on Aduvera's behalf in connection with hosting, authentication, AI processing, logging, and monitoring.
- Aduvera updates this page when material subprocessors are added, removed, or replaced.
- Questions about subprocessors may be sent to [email protected].