Legal · Transparency
Subprocessors
Last updated: May 1, 2026
Draft — pending counsel review
This document is a working draft adapted from HIPAA-aware industry templates. It has not yet been reviewed by Klaxar legal counsel and is not a binding agreement. For questions or to receive the final executable version, contact legal@klaxar.com.
Klaxar Inc.engages the following third-party service providers (“Subprocessors”) to help operate the Klaxar platform. Where Subprocessors process Protected Health Information (PHI) on behalf of Klaxar Inc. as a Business Associate, we maintain Business Associate Agreements (BAAs) with them as required by HIPAA.
We notify customers in advance of any material changes to this list (e.g., adding a Subprocessor that processes PHI) by email and via this page.
| Subprocessor | Purpose | Data Handled | Location | BAA |
|---|---|---|---|---|
| Supabase Inc. | Database, authentication, storage, edge functions | Customer data including PHI (when applicable) | United States (us-east-1) | Yes |
| Amazon Web Services (via Supabase) | Underlying cloud infrastructure | Encrypted database storage | United States | Yes |
| Resend | Transactional email delivery | Email addresses, message contents | United States | In progress |
| Twilio | SMS notifications and 2FA codes | Phone numbers, message contents | United States | In progress |
| DigitalOcean | Application hosting (web servers) | Application traffic; no persistent PHI storage | United States | Not applicable |
BAA “In progress” means the BAA is being negotiated. Until it is fully executed, we do not transmit PHI to that Subprocessor and the corresponding feature operates in a non-PHI mode (e.g., transactional emails do not contain PHI).
Questions about Subprocessors: privacy@klaxar.com
List subject to update. Pending counsel review for Klaxar's specific service offerings.