Sub-processors

Rōvn third-party sub-processors

Rōvn engages third-party sub-processors to operate the Service. Each is bound by a contract that limits use to operating Rōvn and requires appropriate safeguards. We sign Business Associate Agreements with sub-processors that handle Protected Health Information.

We notify Customers of new sub-processors at least 30 days before they take effect, in compliance with our Business Associate Agreement and Data Processing Agreement obligations.

Active sub-processors

Vendor	Service	Region	Agreement
Amazon Web Services	Cloud infrastructure (compute, RDS, KMS, S3, ECR, ECS, CloudTrail, Backup)	USA · us-east-2	BAA accepted
Cloudflare	DNS, edge caching, Pages hosting	Global	DPA in progress
Google (Workspace)	Email, document storage, calendar	USA	BAA in progress
Persona	Identity verification	USA	BAA in progress
Checkr	Background checks	USA	BAA in progress
NPDB (HRSA)	Primary-source provider data verification (Rōvn entity DBID 399700000147857)	USA	Direct registration
Nursys e-Notify (NCSBN)	Primary-source nurse license verification	USA	Live
Sentry / monitoring vendor	Application error and performance monitoring	USA	BAA in progress

How we handle sub-processor changes

New sub-processors that may handle PHI: written notice to Customers ≥30 days before activation.
New non-PHI sub-processors: notice via this page; Customers may subscribe to update notifications via security@rovn.to.
Removed sub-processors: noted on this page for 12 months after removal.
Customers may object to new sub-processors that handle their PHI; objections are handled per the BAA.

Data protection

Each sub-processor agreement is reviewed by Rōvn before signing.
Sub-processors that handle PHI sign a BAA before any PHI is transmitted to them.
Sub-processors that handle personal data (without PHI) sign a Data Processing Agreement.
Active sub-processor agreements are stored in Rōvn's evidence vault and available for Customer review under NDA.

Reporting concerns

If you have concerns about any sub-processor, write to security@rovn.to. We respond within 5 business days.

Last updated 2026-04-26.