Data Sub-Processors
Last Updated: December 2, 2025
To provide our services, EVAL Health engages third-party service providers ("Sub-processors") to process patient and practitioner data. These Sub-processors assist us with cloud infrastructure, data storage, and secure communication delivery.
We conduct due diligence on the security and compliance of these Sub-processors to ensure they meet the requirements of the GDPR, HIPAA, and other applicable data privacy regulations.
Sub-Processors
Sub-processor Name | Entity Location | Nature of Services & Processing | Data Processing Locations |
|---|---|---|---|
Amazon Web Services, Inc. | United States | Cloud Service Provider
| Virginia, Ohio, California |
Downstream Sub-processors
Our primary infrastructure provider, Amazon Web Services (AWS), may engage its own sub-processors to deliver specific services (for example, telecommunication aggregators for SMS delivery). A current list of AWS sub-processors can be viewed directly on the AWS Compliance Website.
Updates to this List
As our business grows and evolves, the Sub-processors we engage may also change. We will provide notice of any new Sub-processors to this list in accordance with our Data Processing Agreement (DPA).
How we notify you:
- Routine Updates: We will update this page at least 30 days [or insert your DPA timeframe, e.g., 10 days] prior to authorizing any new Sub-processor to access personal data.
- Emergency Replacements: If a Sub-processor is replaced on an emergency basis (e.g., due to security breach or insolvency), we will update this list immediately and notify you as soon as reasonably practicable.
- Objections: If you are a current customer with a valid DPA in place, you may object to the appointment of a new Sub-processor on reasonable data protection grounds by contacting us at [insert privacy email] within the timeframe specified in your DPA.
Updated about 2 months ago