Skip to content

Legal

Upstream Subprocessor List

Version: 1.0

Effective date: 2026-07-10

Last updated: 2026-07-11

This list identifies providers ByteWorthy LLC uses to deliver the Upstream service. A provider may process only the data needed for its function. Protected Health Information ("PHI") may be sent to a provider only when the Upstream Business Associate Agreement permits the processing, the required written protection is in force, and the production egress gate is enabled.

ProviderFunctionData scopePHI scope
Google Cloud PlatformApplication hosting, databases, storage, networking, secrets, logging, and managed operationsCustomer Data, account data, security data, and service contentPermitted only after applicable written protections are verified and configured PHI controls are enabled
Google Vertex AIAI-assisted processing in the designated PHI laneMinimum-necessary task contentPermitted only after required written protections are verified and the designated PHI lane is allowlisted and enabled
StediEligibility, claim, claim-status, remittance, attachment, and supported healthcare transactionsCustomer-directed transaction and enrollment dataPermitted only after written protection, configured BAA confirmation, and customer/provider enrollment gates pass
AvailityCustomer-approved eligibility, claim-status, configuration, payer-list, and Service Reviews transactionsMinimum-necessary customer, provider, payer, and transaction dataPermitted only after written protection, Standard Plan, production credential, customer, payer-contract, and enrollment gates pass
Retell AICustomer-approved automated payer-call transport and status follow-upMinimum-necessary call plan and patient or authorization facts approved for the callPermitted only after written protection, recording-authority, disclosure, destination, and production egress gates pass; raw transcripts are not retained by Upstream
VercelPublic website, static application delivery, and demo-intake processingWebsite telemetry, account-device data, and PHI-free lead informationNot authorized for PHI
StripeStripe-hosted checkout, billing portal, invoices, and payment processingAccount, billing, usage, and tokenized payment referencesNot authorized for PHI
ResendTransactional account emailRecipient email and PHI-free account message contentNot authorized for PHI
PostHogProduct and website analyticsPHI-free usage and device eventsNot authorized for PHI

Customer-directed systems, including athenahealth, Epic, Oracle Health (Cerner), eClinicalWorks, other EHRs, payers, portals, or clearinghouse accounts, are not Upstream Subprocessors when Upstream connects to them solely on Customer's instruction and they act independently under Customer's agreement. They remain subject to the Customer's configuration, the receiving system's terms, and the Upstream Services Agreement. Listing a provider above authorizes no data flow by itself; the applicable contract, data scope, tenant configuration, and fail-closed production gate must all be verified before processing begins.

Upstream will update this list before a new provider begins materially different processing of Customer Personal Data and will provide notice as required by the Data Processing Addendum. Questions or objections may be sent to privacy@upstream.cx.


End of Subprocessor List version 1.0.

Canonical source: care/legal/subprocessors.md | Version 1.0 | SHA-256 d2e8c38f6f25b99372262262bba6e4fa71f692cee2b02f2c8fc77a8e28e2737d