Below is the current list of subprocessors engaged by Aqueo Health Inc. for operating the Aqueo platform.
All subprocessors are bound by written agreements (a Data Processing Addendum or Customer Agreement) addressing:
-
safeguards appropriate to the sensitivity of information,
-
encryption at rest and in transit where applicable,
-
access controls and least-privilege principles,
-
breach-notification and cooperation obligations where applicable, and
-
limits on use to providing services to Aqueo on behalf of clinics.
| Service Provider | Purpose | Primary Location | Key Safeguards and Notes |
|---|---|---|---|
| Amazon Web Services (AWS) | Core infrastructure: application-tier compute (ECS Fargate behind an Application Load Balancer — patient, clinic, and admin portals plus the marketing site), S3 storage, KMS, Lambda, CloudWatch Logs | Canada (ca-central-1) | SSE-KMS encryption, access logging, least-privilege IAM, regional isolation; application-tier compute runs entirely in ca-central-1 |
| Amazon Web Services (AWS – SES) | Outbound email delivery for website inquiries (contact form) | Canada (default ca-central-1; configurable) | IAM least privilege; TLS in transit; email delivery scoped to internal recipients |
| Cloudflare Inc. | Authoritative DNS for the aqueo.ca zone (gray-cloud across the zone; DNS only, not in the HTTP path) | United States / Global (DNS resolution) | Industry-standard managed DNS service; Cloudflare Self-Serve Subscription Agreement and Cloudflare DPA |
| Proton AG (Proton Mail) | Inbound mailbox provider for admin@aqueo.ca and privacy@aqueo.ca (receives contact-form submissions delivered from Aqueo via SES). No clinical screening data is sent to these mailboxes. | Switzerland | Encrypted-at-rest mailbox storage; access restricted to designated Aqueo personnel; engaged under Proton's published Terms of Service and DPA |
Aqueo reviews this list regularly. Any additions or material changes will be reflected in an updated version of this document and communicated to partner clinics in accordance with contract terms.