MedMe Sub-processors
Last Updated: March 03, 2026
MedMe Health (“MedMe”) uses certain sub-processors and content delivery networks to assist with the interoperability of the MedMe Platform. Capitalized terms used and not otherwise defined below will have the meanings given to such terms in our Software-as-a-Service Agreement (“SaaS Agreement”).
What Is a Sub-processor?
A sub-processor is a third-party data processor engaged by MedMe who has, or potentially will have, access to or process Subscriber Data (which may contain personal data or Protected Health Information, "PHI"). MedMe requires any such agent or subcontractor to agree to the same or similar restrictions and conditions that apply to MedMe through our data protection agreements.
Due Diligence
MedMe applies a commercially reasonable selection process by which it evaluates the security, privacy, and confidentiality practices of proposed sub-processors that will or may have access to or process Subscriber Data.
Contractual Safeguards
MedMe requires its sub-processors to satisfy equivalent obligations as those required from MedMe (as a Data Processor) as set forth in MedMe’s SaaS Agreement, including but not limited to the requirements to:
Process personal data in accordance with data controller’s (i.e. Subscriber’s) documented instructions;
In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security;
Provide regular training in security and data protection to personnel to whom they grant access to personal data;
Implement and maintain appropriate technical and organizational measures;
Promptly inform MedMe about any actual or potential security breaches; and cooperate with MedMe in order to facilitate requests from data controllers, data subjects, or data protection authorities, as applicable.
This notice does not give Subscribers any additional rights or remedies and should not be construed as a binding agreement. The information herein is to provide the actual list of third-party sub-processors and content delivery networks used by MedMe as of the date of this notice.
Cloud Service Providers Sub-processors – Subscriber Data Storage
MedMe controls access to the infrastructure that MedMe uses to host Subscriber Data submitted to the Services. Currently, the MedMe production systems for the MedMe Platform are located in facilities in the United States and Canada. The following table describes the countries and legal entities engaged in the storage of Subscriber Data by MedMe.
| Entity Name | Entity Type | Entity Country | Legal Safeguard |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud Service Provider | USA / Canada | Data Processing Agreement (DPA) & Business Association Agreement (BAA) |
| Google Cloud Platform | Cloud Service Provider | USA / Canada | DPA & BAA |
Service Specific Sub-processors
| Entity Name | Purpose | Applicable Services | Entity Country | Legal Safeguard |
|---|---|---|---|---|
| OneSchema | Patient data import and mapping | MedMe Platform | USA | DPA & BAA |
| Twilio / Sendgrid | SMS and Email communications | MedMe Platform | USA | DPA & BAA |
| Documo | eFax notifications and transmission | MedMe Platform | USA | DPA & BAA |
| Stripe | Credit card billing and payments | MedMe Platform | USA | DPA & BAA |
| Mapbox | Address auto-complete/mapping | MedMe Platform | USA | DPA & BAA |
| Langsmith | Trace logs for AI Scribe functionality | MedMe Platform | USA | DPA & BAA |
| Wiz | Cloud security and compliance monitoring | MedMe Platform, AI Patient Concierge | USA | DPA & BAA |
| SABBA | Security and compliance auditing | MedMe Platform | USA | DPA & BAA |
| Asepha | Clinical tool functionality | MedMe Platform | Canada | DPA & BAA |
| Deepgram | Speech-to-text processing | MedMe Platform, AI Patient Concierge | USA | DPA & BAA |
| Explo | Customer-facing dashboards/analytics | MedMe Platform | USA | DPA & BAA |
| Freshpaint | HIPAA-compliant data routing | MedMe Platform | USA | DPA & BAA |
| iFax | Digital fax services | MedMe Platform | USA | DPA & BAA |
| MAPflow | Clinical decision support | MedMe Platform | Canada | DPA & BAA |
| Timekit | Calendar and booking scheduling | MedMe Platform | Canada | DPA & BAA |
| Vigilance Sante | Pharmacological database access | MedMe Platform | Canada | DPA & BAA |
Content Delivery Networks
As explained above, MedMe’s Services may use content delivery networks (“CDNs”) to provide the Services, for security purposes, and to optimize content delivery. CDNs do not have access to Subscriber Data.
.svg)
Ready to Enhance Your Pharmacy’s Clinical Practice?
Subscribe to our newsletter
