TransitionCare engages a small number of third-party service providers ("Subprocessors") to operate the Platform. Each Subprocessor processes only the data necessary to perform its function and is bound by its own privacy policy and contractual data-protection terms. We do not sell user data to any third party, and we do not engage advertising networks or analytics trackers.
This list is current as of the date above. We will update this page when we add or change a Subprocessor. Where commercially reasonable, we provide notice of new Subprocessors via email or in-app banner.
| Subprocessor | Function | Data Processed | Location |
|---|---|---|---|
| Railway Corp.Privacy Policy | Application hosting, managed PostgreSQL database, container orchestration | All Platform data (account info, de-identified patient profiles, audit logs) | United States (us-west2) |
| Stripe, Inc.Privacy Policy | Payment processing, subscription billing, invoicing | Billing email, payment card details (collected and stored by Stripe, not by TransitionCare), facility ID, plan, transaction history | United States |
| SendGrid (Twilio)Privacy Policy | Transactional email delivery (account verification, password reset, new-patient alerts) | Recipient email, recipient name, message content (no PHI), send/delivery metadata | United States |
| Twilio Inc.Privacy Policy | SMS alert delivery (Pro plan facility users only) | Recipient phone number, message content (no PHI), send/delivery metadata | United States |
| Google Fonts (Google LLC)Privacy Policy | Web font delivery (Inter, JetBrains Mono) for the Platform UI | Browser request metadata (IP address, user agent) when fonts are fetched. No personal data is sent to Google by TransitionCare directly. | Global CDN |
When we add a new Subprocessor that processes user account or facility data, we will update this page and notify registered users by email at least fifteen (15) days before the new Subprocessor begins processing data, except where the change is required for security reasons or to comply with law.
Each Subprocessor receives only the minimum data required to perform its specific function. For example, Twilio receives the phone number and SMS body but does not have access to the patient profile database; SendGrid receives the email recipient and message but does not have access to billing data; Stripe receives billing details but does not have access to patient or match data.
Consistent with our Terms of Use, no Subprocessor receives Protected Health Information (PHI). All data processed by Subprocessors is either (i) account/business data (names, emails, payment info), (ii) de-identified patient profile categories (age, care level, payer, location), or (iii) operational metadata (timestamps, IPs).
Questions about a Subprocessor or our vendor management process: nabjill01@gmail.com.