List of Subprocessors

Autoheal, Inc.

Last Updated: January 2026

1. Introduction

Autoheal, Inc. ("Autoheal", "we", "us") uses certain third-party service providers ("Subprocessors") to assist in providing our services. These Subprocessors may process Customer Data on our behalf in accordance with our Data Processing Agreement and applicable data protection laws.

This document provides a list of Subprocessors that Autoheal engages to process Customer Data. We maintain this list to provide transparency to our customers and to comply with contractual and regulatory requirements, including SOC 2 and GDPR.

2. Definitions

"Subprocessor" means any third party engaged by Autoheal to process Customer Data on behalf of the Customer.

"Customer Data" means any data, content, or information submitted to the Autoheal platform by or on behalf of a Customer.

"Processing" means any operation performed on Customer Data, including collection, storage, retrieval, use, transmission, or deletion.

3. Infrastructure Subprocessors

These Subprocessors provide core infrastructure services for hosting and operating the Autoheal platform:

Subprocessor	Purpose	Data Processed	Location
Amazon Web Services, Inc. (AWS)	Cloud infrastructure hosting, compute, storage, database services, email delivery (SES)	All Customer Data stored and processed on the Autoheal platform	United States
GitHub, Inc.	Source code repository, version control, CI/CD pipelines	Application source code, infrastructure configurations (no Customer Data)	United States

4. Security/Compliance Subprocessors

These Subprocessors provide security monitoring, compliance, and endpoint protection services:

Subprocessor	Purpose	Data Processed	Location
Drata, Inc.	Compliance automation, security monitoring, policy management	Security configurations, compliance evidence, employee training records	United States

5. Communication & Collaboration Subprocessors

These Subprocessors provide communication and collaboration services:

Subprocessor	Purpose	Data Processed	Location
Google LLC (Google Workspace)	Employee email, calendar, identity provider (SSO), document collaboration	Employee communications, internal documents, authentication data	United States
Slack Technologies, LLC	Internal team communication, customer support channels	Support communications, internal discussions related to customer accounts	United States

6. Corporate Services Subprocessors

These Subprocessors provide corporate services and do not process Customer Data:

Subprocessor	Purpose	Data Processed	Location
Rippling, Inc.	Human resources, payroll, benefits administration	Employee personal data only (no Customer Data)	United States

7. Updates to This List

Autoheal may update this list of Subprocessors from time to time. We will provide customers with notice of any new Subprocessors in accordance with our Data Processing Agreement. Customers may subscribe to updates by contacting support@autoheal.ai.

If a Customer objects to a new Subprocessor, the Customer may notify Autoheal in writing within thirty (30) days of receiving notice. Autoheal will work with the Customer to address any reasonable concerns.

8. Security Measures

Autoheal requires all Subprocessors to maintain appropriate technical and organizational security measures to protect Customer Data. Before engaging any Subprocessor, Autoheal conducts a security assessment in accordance with our Vendor Management Policy. Key requirements include: