Sub-processors
Third parties that may handle PHI on Mand's behalf. Section 6 of our Business Associate Agreement commits us to providing at least 30 days' advance notice via email before onboarding any new PHI-handling sub-processor. Customers can object within that window; if we can't resolve the objection, the customer may terminate the BAA without penalty.
Last updated 2026-05-11. Updates ship as code commits to packages/legal/src/subprocessors.ts.
| Vendor | Purpose | Data handled | Location | BAA status | Handles PHI today |
|---|---|---|---|---|---|
| Anthropic, PBC | AI narrative drafting + PDF extraction. Reads clinical documents to produce structured fields + draft prose for the BCBA to review. | PHI (clinical document text + structured demographics) — processed in-memory only. | United States | Yes — BAA on file | Yes |
| Groq, Inc. | AI narrative drafting (alternative provider, lower cost). Text-only models — PDF extraction via local unpdf, narrative inputs via prompts. | PHI (narrative input prompts) — processed in-memory only. | United States | Yes — BAA on file | Yes |
| Amazon Web Services (AWS) | Application hosting + PostgreSQL database at rest. | All PHI persisted at rest, encrypted via AES-256. | United States | Available on higher tier | No |
| AWS Simple Email Service (SES) | Transactional email (welcome, password reset, packet ready, etc.). | Email content may contain PHI (e.g. a client's first name in the subject line). | United States | Available on higher tier | No |
| Cloudflare, Inc. | DNS, TLS termination, DDoS protection, web-traffic edge caching. | Encrypted HTTPS traffic only — Cloudflare never sees plaintext PHI. | United States | N/A — conduit (no PHI in clear) | No |
Notes per vendor (where relevant):
- Anthropic, PBC: BAA covers the Anthropic API. Standard API tier. No-training restriction in BAA.
- Groq, Inc.: BAA available on paid GroqCloud accounts. Free tier + preview models are excluded from BAA coverage; PHI-enabled orgs are pinned to a GA-model allow-list.
- Amazon Web Services (AWS): BAA acceptance is self-serve via AWS Artifact. Migration from Hetzner to AWS in progress — until complete, PHI-enabled orgs cannot accept the BAA.
- AWS Simple Email Service (SES): Migration from Resend (no BAA available) in progress. Until complete, no email body sent to or about a PHI-enabled org may contain PHI.
- Cloudflare, Inc.: Conduit-exception eligible: Mand terminates TLS at the application origin, not at Cloudflare, so the edge layer transmits ciphertext only.
To subscribe to sub-processor change notifications by email, reach out to [email protected]. PHI-enabled customers are automatically subscribed.