List of Subprocessors
Autoheal AI, Inc.
Last Updated: 04/20/2026
1. Introduction
Autoheal AI, Inc. ("Autoheal AI", "we", "us") uses certain third-party service providers ("Subprocessors") to assist in providing our services. These Subprocessors may process Customer Data on our behalf in accordance with our Data Processing Agreement and applicable data protection laws.
This document provides a list of Subprocessors that Autoheal AI engages to process Customer Data. We maintain this list to provide transparency to our customers and to comply with contractual and regulatory requirements, including SOC 2 and GDPR.
2. Definitions
"Subprocessor" means any third party engaged by Autoheal AI to process Customer Data on behalf of the Customer.
"Customer Data" means any data, content, or information submitted to the Autoheal AI platform by or on behalf of a Customer.
"Processing" means any operation performed on Customer Data, including collection, storage, retrieval, use, transmission, or deletion.
3. Infrastructure Subprocessors
These Subprocessors provide core infrastructure services for hosting and operating the Autoheal AI platform:
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services, Inc. (AWS) | Cloud infrastructure hosting, compute, storage, database services, email delivery (SES), AI/ML inference (Bedrock) | All Customer Data stored and processed on the Autoheal AI platform, including data submitted to AI agents | United States |
| GitHub, Inc. | Source code repository, version control, CI/CD pipelines | Application source code, infrastructure configurations (no Customer Data) | United States |
4. AI and Machine Learning
Autoheal AI uses large language models (LLMs) to power its AI agents for incident investigation and analysis. All AI/ML inference is performed via Amazon Web Services Bedrock within our existing AWS infrastructure. Customer Data submitted to AI agents does not leave the AWS environment and is not shared with any third-party model provider. No Customer Data is used to train or fine-tune AI models.
5. Security/Compliance Subprocessors
These Subprocessors provide security monitoring, compliance, and endpoint protection services:
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Drata, Inc. | Compliance automation, security monitoring, policy management | Security configurations, compliance evidence, employee training records | United States |
6. Communication & Collaboration Subprocessors
These Subprocessors provide communication and collaboration services:
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google LLC (Google Workspace) | Employee email, calendar, identity provider (SSO), document collaboration | Employee communications, internal documents, authentication data | United States |
| Slack Technologies, LLC | Internal team communication, customer support channels | Support communications, internal discussions related to customer accounts | United States |
| Twilio, Inc. | SMS and voice notification delivery | Phone numbers and notification content for incident alerting | United States |
7. Corporate Services Subprocessors
These Subprocessors provide corporate services and do not process Customer Data:
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Rippling, Inc. | Human resources, payroll, benefits administration | Employee personal data only (no Customer Data) | United States |
8. Updates to This List
Autoheal AI may update this list of Subprocessors from time to time. We will provide customers with notice of any new Subprocessors in accordance with our Data Processing Agreement. Customers may subscribe to updates by contacting support@autoheal.ai.
If a Customer objects to a new Subprocessor, the Customer may notify Autoheal AI in writing within thirty (30) days of receiving notice. Autoheal AI will work with the Customer to address any reasonable concerns.
A copy of our Data Processing Agreement (DPA) is available upon request. To request a DPA or subscribe to Subprocessor change notifications, contact security@autoheal.ai.
9. Security Measures
Autoheal AI requires all Subprocessors to maintain appropriate technical and organizational security measures to protect Customer Data. Before engaging any Subprocessor, Autoheal AI conducts a security assessment in accordance with our Vendor Management Policy. Key requirements include:
- SOC 2 Type II certification or equivalent security attestation
- Data encryption in transit and at rest
- Access controls and authentication requirements
- Incident response and breach notification procedures
- Data Processing Agreement or equivalent contractual protections
10. Contact Information
For questions about this Subprocessors list or to request additional information about our data processing practices, please contact:
Autoheal AI, Inc.
Email: support@autoheal.ai
Website: https://autoheal.ai
