Subprocessors
This page summarises material suppliers and subprocessors that support the Patient Watch service. It is intended to help organisational customers with due diligence, data protection impact assessments, and supplier records.
The exact suppliers used for a deployment may depend on the product configuration, notification channels, customer contract, region, and programme design. Where Patient Watch acts as a processor, the relevant controller remains responsible for deciding whether the listed suppliers are acceptable for its deployment.
Core service subprocessors
| Supplier | Service | Typical personal data involvement |
|---|---|---|
| Supabase | Database, authentication, and storage | Account data, authentication metadata, questionnaire responses, diary entries, clinical or health-related content, and configured programme data |
| Vercel | Web application hosting and edge delivery | Hosting and delivery layer for the web application; may process technical request metadata |
Communication and notification subprocessors
| Supplier | Service | Typical personal data involvement |
|---|---|---|
| Resend | Transactional email API | Email addresses, message metadata, and transactional notification content |
| Knock | Notification workflows | Notification preferences, workflow metadata, and delivery metadata |
| Twilio | SMS and voice messaging | Phone numbers, message metadata, and SMS or voice delivery data |
Operational support suppliers
| Supplier | Service | Typical personal data involvement |
|---|---|---|
| Google Workspace | Business email, calendar, and collaboration | Limited business communication data; not the primary patient record system |
| Stripe | Payments | Billing identifiers and payment metadata where paid services are used |
| Sentry | Application error and release health monitoring | Technical error context; events are configured to reduce sensitive content |
| Better Stack | Status page, uptime monitoring, and incident communications | Limited technical or contact metadata in monitoring and status workflows |
Controls
Patient Watch maintains an internal supplier register that records the service provided, whether the supplier handles personal data, criticality, contract basis, assurance reviewed, and review dates.
Where a supplier acts as a processor or subprocessor, Patient Watch expects written terms or online data processing terms that include confidentiality, security, data protection, and incident-notification obligations appropriate to the service.
We review material suppliers at least annually and when a material supplier, contract basis, service, or data-protection position changes.
Changes
Where we intend to add or replace a subprocessor in a way that materially affects processing for an organisational customer, we provide reasonable prior notice through the agreed customer channel so the controller can raise reasonable data-protection-based objections.
For contractual, privacy, or data protection questions, contact info@patient-watch.com.