BlueHiveSubprocessors

These subprocessors operate the underlying compute, storage, edge, and content-delivery infrastructure on which the BlueHive Services run.

Cloudflare, Inc. — United States

CDN, DNS, WAF, edge compute (Workers), and DDoS protection for the BlueHive marketing site and application edge. Processes request metadata, IP addresses, and any data transiting the edge. BAA available where required. See Cloudflare’s subprocessor list and DPA.

Google Cloud Platform (Google LLC) — United States

Primary application compute, managed databases, object storage, and backups for authenticated BlueHive workloads. Processes account data, transactional records, and (under BAA) PHI for HIPAA-regulated customers. See Google Cloud HIPAA-compliant services.

Google Workspace (Google LLC) — United States

Email, calendaring, and document collaboration for the BlueHive team. Processes inbound and outbound email content with customers, partners, and examinees. BAA in place; configured to disable advertising features and AI training on customer data.

Twilio Inc. — United States

Transactional SMS and voice messaging (for example, appointment reminders and one-time passcodes). Processes recipient phone numbers and message content. BAA available for HIPAA-regulated workloads. See Twilio’s privacy notice.

Stripe, Inc. — United States

Payment processing for employer billing and provider payouts. Stripe is a PCI-DSS Level 1 service provider and processes payment-card data, bank-account information, and related billing identifiers as an independent controller for fraud-prevention and regulatory purposes. BlueHive does not store full payment-card numbers. See Stripe’s Privacy Center.

The following subprocessors power optional AI-assisted features (such as summarizing intake responses or routing support requests). As stated in our Privacy Policy, BlueHive does not use PHI or identifiable customer data to train AI models, and we configure these vendors with zero-retention or short-retention controls where available.

OpenAI, L.L.C. — United States

Large-language-model inference for selected AI-assisted features. Configured with the OpenAI API zero-data-retention and no-training-on-customer-data controls. No PHI is sent without a customer-specific BAA. See OpenAI’s enterprise privacy commitments.

Anthropic, PBC — United States

Large-language-model inference (Claude) for selected AI-assisted features. Configured with no-training-on-customer-data controls. No PHI is sent without a customer-specific BAA. See Anthropic’s privacy policy.

We will update the "Last modified" date above whenever this list changes. Material additions — specifically, adding a new subprocessor that will process customer personal information or PHI — will be posted at least 30 days before the new subprocessor begins processing customer data. Customers may object to a new subprocessor through our contact form (subject: "Subprocessor Objection") within that notice period.