Nexalink Sub-Processors
Effective: August 5, 2025
We use carefully selected sub-processors to operate the Services. Each is bound by confidentiality and, where applicable, Business Associate and/or Data Processing terms.
Current Sub-Processors
| Vendor | Purpose | Data Types | Location |
|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | Cloud infrastructure, storage, databases, logging/monitoring | Encrypted customer data, backups, logs/metrics; KMS-managed keys | USA |
| PostHog, Inc. ‡ | Product analytics (first-party) | Usage events, device/app metadata, pseudonymous IDs; no PHI | USA |
| OneSignal, Inc. * | Opt-in marketing push/SMS/email (if enabled) | Push tokens, phone numbers, emails, delivery metadata; no PHI | USA |
| Expo Platform / EAS ** | Build/CI and over-the-air updates (if enabled) | App binaries & update artifacts; device/app identifiers for update checks; no customer content | USA |
| Hugging Face, Inc. † | LLM inference hosting (Google MedGemma) | Minimal prompts/responses; retention disabled; PHI persistence off by default | USA |
Notes & Qualifications
• OneSignal (*) is used only with explicit member opt-in and after a BAA is executed. If a BAA cannot be executed, OneSignal will not be used with PHI and may be disabled entirely.
• Expo/EAS (**) is limited to build/CI and OTA delivery. It does not process customer content. Ensure no secrets in app bundles/OTA artifacts.
• Hugging Face / MedGemma (†) is configured for no retention. PHI processing is off by default and would require a separate agreement and risk review before enabling.
• PostHog (‡) runs as first-party analytics with no PHI (redaction/filters enabled).
• We provide ≥30 days’ notice here before adding or replacing a sub-processor for core data flows, except where urgent to maintain security or continuity.
• Contact: legal@nexalink.care.
• Last updated: August 5, 2025.
Sub-Processor Onboarding
We review security, privacy, and compliance posture before onboarding and require written commitments (BAA/DPA) as applicable.
Notice of Changes
We will post updates to this page at least 30 days before adding or replacing a sub-processor for core data flows, except where urgent to maintain security or continuity.