Subprocessor List
This Subprocessor List identifies third-party service providers that MYCURE may use to provide, host, secure, support, maintain, or improve the MYCURE platform and related services.
Effective Date: June 08, 2026
Operated by TOPSI Inc. (“MYCURE,” “we,” “us,” or “our”)
This page should be read together with our Terms of Agreement, Privacy Policy, Security Overview, and any applicable Data Processing Addendum, Business Associate Agreement, Order Form, or other written agreement.
1. What Is a Subprocessor?
A subprocessor is a third-party service provider engaged by MYCURE that may process personal data or Customer Data on behalf of MYCURE in connection with the Services.
Subprocessors may help us with activities such as hosting, storage, security, communications, payments, support, analytics, monitoring, and other operational services.
MYCURE requires subprocessors that process personal data on our behalf to apply appropriate confidentiality, security, and data protection obligations.
2. How We Use Subprocessors
MYCURE may use subprocessors to:
- host and operate the Services;
- store and back up data;
- send service-related emails, SMS, or notifications;
- process payments and billing;
- monitor performance, uptime, errors, and security events;
- provide customer support;
- troubleshoot technical issues;
- protect against abuse, fraud, or unauthorized access;
- maintain internal business systems;
- improve platform reliability and user experience; and
- comply with legal, security, and operational obligations.
Subprocessors may vary depending on the Customer’s subscription, enabled modules, deployment model, region, and applicable written agreement.
3. Current Subprocessors
The table below identifies subprocessors that may process personal data or Customer Data in connection with the Services.
| Subprocessor | Service Category | Purpose | Location / Processing Region | Data Processed |
|---|---|---|---|---|
| DigitalOcean, LLC | Cloud hosting / infrastructure | Managed Kubernetes hosting, compute, networking, and backup storage | United States | Customer Data, usage data, technical data |
| Google LLC (Google Cloud) | Cloud storage, secret management, and sign-in | Object/file storage, encrypted secret management, and Google sign-in (OAuth) | United States / configured per deployment | Customer Data, account identifiers, application secrets |
| Twilio Inc. (SendGrid) | Email delivery | Transactional and service emails | United States | Contact details, message metadata, service notices |
| ActiveCampaign, LLC (Postmark) | Email delivery | Transactional and service emails | United States | Contact details, message metadata, service notices |
| Twilio Inc. | SMS / messaging | Appointment reminders, notifications, and patient communications where enabled | United States | Contact details, message content or metadata |
| Stripe, Inc. | Payment processing | Billing, subscription payments, and payment records | United States | Billing and transaction information |
| PayMongo Philippines, Inc. | Payment processing | Online payments and checkout for Philippine Customers | Philippines | Billing and transaction information |
| Odoo S.A. (Odoo Helpdesk) | Customer support | Support ticketing, troubleshooting, and customer communications | European Union (Belgium) | Support communications, account information, limited Customer Data where needed |
| Google LLC (Google Analytics) | Analytics | Website and product usage analytics | United States | Usage data, device and technical data |
| Cloudflare, Inc. | Security / DNS | DNS management and TLS for MYCURE domains | United States / Global | Technical and DNS query metadata |
| Internet Security Research Group (Let’s Encrypt) | Security / TLS certificates | Issuance of TLS/SSL certificates for MYCURE domains | United States | Domain technical data |
MYCURE does not currently use a third-party artificial intelligence or large language model subprocessor. If AI-assisted features are introduced, this list will be updated. MYCURE does not use identifiable patient data to train artificial intelligence or machine learning models unless expressly agreed in writing.
Underlying databases, caches, and other core components are operated within MYCURE’s own hosted environment rather than provided by separate data subprocessors. Subprocessors and processing regions may vary depending on the Customer’s deployment model, enabled modules, region, and applicable written agreement.
4. Customer-Enabled Third-Party Integrations
Some third-party services are not MYCURE subprocessors because they are enabled, selected, or authorized by the Customer.
Examples may include:
- laboratory systems;
- imaging or radiology systems;
- pharmacy systems;
- HMO or payor systems;
- accounting or payment systems;
- messaging platforms;
- patient communication tools;
- third-party reporting tools;
- government or regulatory portals;
- APIs or customer-managed integrations; and
- other external systems selected or authorized by the Customer.
Customer-enabled integrations may be governed by the third party’s own terms, privacy policy, security practices, and data processing arrangements.
Customers are responsible for determining whether third-party integrations are appropriate and lawful for their use case.
5. Deployment-Specific Subprocessors
The subprocessors used for a Customer may vary depending on deployment model.
For MYCURE-hosted cloud services, MYCURE may use hosting, infrastructure, monitoring, communications, support, and security subprocessors as needed to provide the Services.
For private cloud, client-hosted, or customer-managed deployments, some infrastructure, hosting, backup, security, or support responsibilities may belong to the Customer or to Customer-selected vendors.
Deployment-specific responsibilities should be confirmed in the applicable Order Form, Statement of Work, Security Addendum, Service Level Agreement, or other written agreement.
6. Subprocessor Safeguards
MYCURE takes reasonable steps designed to ensure that subprocessors processing personal data on our behalf are subject to appropriate confidentiality, security, and data protection obligations.
Depending on the nature of the service, these safeguards may include:
- written contractual obligations;
- confidentiality commitments;
- restrictions on use of personal data;
- security requirements;
- access control obligations;
- incident notification obligations;
- data protection terms;
- limitations on onward transfer;
- return or deletion obligations; and
- other safeguards appropriate to the service.
7. Updates to This List
MYCURE may update this Subprocessor List from time to time as our Services, vendors, infrastructure, and business operations evolve.
Where required by applicable agreement, MYCURE will provide notice of material changes to subprocessors in accordance with the relevant Data Processing Addendum, Business Associate Agreement, Order Form, or other written agreement.
Continued use of the Services after an update to this Subprocessor List is governed by the Terms of Agreement and any applicable written agreement.
8. Questions
For questions about this Subprocessor List, please contact:
MYCURE / TOPSI Inc.
Email: helpdesk@mycure.md
For privacy-related matters, please contact:
Data Protection Officer
Email: dpo@mycure.md