SUB-PROCESSORS
Sub-processors
OraTek Diagnostics uses the following third-party sub-processors to deliver the OraTek CRM service. Each is contractually bound to OraTek under a Data Processing Agreement (or equivalent) and processes customer data only as instructed by us.
| Sub-processor | Purpose | Data processed | Hosting region |
|---|---|---|---|
| DigitalOcean | Application hosting, managed PostgreSQL, managed Valkey/Redis | All customer data at rest | United States (NYC3) |
| Netlify | Static frontend hosting + CDN | Public assets only — no customer data | Global edge |
| Stripe | Payment processing, subscription billing | Billing contact, payment method, plan tier, invoice history | United States |
| Resend | Transactional email + outbound campaign delivery | Recipient email + message contents the customer composes | United States |
| Anthropic | AI assistant ("Julie") inference | Conversation contents the user enters; relevant CRM context the assistant pulls | United States |
| OpenAI | Optional AI backend (customer-selectable) | Conversation contents when customer opts to use OpenAI | United States |
| Google (OAuth, Gmail, Calendar) | User authentication, calendar + Gmail integrations | Auth tokens, emails the user grants access to, calendar events | Global (US-primary) |
| Sentry | Error reporting + observability | Stack traces, sanitized request metadata (no PII fields) | United States |
Changes to this list
We will give existing customers 30 days notice before adding a new sub-processor, via email to the org's admin contact. Customers can object during the notice window; in that case we will work with the customer to find an alternative or, if no resolution can be reached, allow the customer to terminate for cause.
Contact
Questions about a specific sub-processor or to request a current DPA: privacy@oratekdx.com.