Adjudica.AI — Glass Box Solutions, Inc.
Last Updated: May 4, 2026
Current Version: 1.1
Overview
This page lists the third-party subprocessors that Glass Box Solutions, Inc. ("Provider") engages to process Customer data in connection with the Adjudica.AI platform. This list is maintained pursuant to our Data Processing Agreement and Business Associate Agreements (BAAs).
A "subprocessor" means any third party engaged by Glass Box Solutions that processes Customer data — including Protected Health Information ("PHI") — in connection with delivering the Service.
To receive notifications of subprocessor changes: Email privacy@adjudica.ai with subject "Subprocessor Updates Subscribe".
Current Subprocessors
Infrastructure & Hosting
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Google Cloud Platform (Cloud Run, Compute, IAM, Secret Manager) | United States (us-west1, us-central1) | Application hosting, compute, secret management | All Customer data including PHI in transit | SOC 1/2/3, ISO 27001/17/18, HIPAA BAA, FedRAMP | ✓ |
| Google Cloud Storage (GCS) | United States (us-west1) | Document and file storage at rest (production) | Uploaded medical records, legal documents, PHI | SOC 2, ISO 27001, HIPAA BAA | ✓ |
| Google Cloud Operations (Logging / Monitoring) | United States | System monitoring, structured application logs (PHI redacted before write — see Privacy Notice §7) | System logs, performance metrics; no document content; no patient names | SOC 2, ISO 27001, HIPAA BAA | ✓ |
Contact: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043
Privacy Policy: https://cloud.google.com/terms/cloud-privacy-notice
Compliance: https://cloud.google.com/security/compliance
Database
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| PlanetScale, Inc. (PostgreSQL) | United States (AWS us-west-2) | Primary application database; structured case data, user accounts, audit logs, vector embeddings (pgvector) | All Customer data including PHI at rest | SOC 2 Type II, HIPAA BAA | ✓ |
Contact: PlanetScale, Inc., 8605 Santa Monica Blvd #99340, West Hollywood, CA 90069
Privacy Policy: https://planetscale.com/legal/privacy
Trust: https://planetscale.com/security
Note: PlanetScale PostgreSQL is hosted in AWS us-west-2 (Oregon). Glass Box Solutions has executed a Business Associate Agreement with PlanetScale; AWS, as PlanetScale's underlying infrastructure provider, also operates under HIPAA-eligible services.
AI & Machine Learning
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Google Vertex AI / Gemini | United States (us-west1, us-central1) | Generative AI for document analysis, drafting, classification; orchestration of LLM calls | Medical records, legal briefs, user queries, case analysis | SOC 2, ISO 27001, HIPAA BAA | ✓ |
| Google Document AI | United States (us-west1) | OCR / structured text extraction from uploaded documents | Document images + extracted text (may contain PHI) | SOC 2, ISO 27001, HIPAA BAA | ✓ |
| Google Voyage (via Vertex AI Model Garden) | United States (us-west1) | Embedding model (voyage-large-4) for semantic search and retrieval | Document text chunks (may contain PHI); embeddings stored in PlanetScale | Inherits Vertex AI / Google BAA | ✓ |
| Anthropic, PBC (Claude API) | United States | Generative AI for document drafting, analysis, and consensus checks where Vertex AI alone is insufficient | Medical records, legal briefs, user queries (no model training per Anthropic Zero Data Retention) | SOC 2 Type II, HIPAA BAA | ✓ |
| OpenAI, L.L.C. | United States | Generative AI for specific drafting and consensus tasks; OCR post-processing | Medical records, legal briefs, user queries (no model training per OpenAI Enterprise / API ZDR terms) | SOC 2 Type II, HIPAA BAA | ✓ |
AI Provider Restrictions (contractual):
- No use of Customer data for foundation-model training
- No retention beyond request processing (Zero Data Retention where supported)
- No sharing with third parties
Workflow Orchestration
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Temporal Technologies, Inc. (Temporal Cloud) | United States | Durable workflow execution for OCR pipelines, document classification, MerusCase document import, scheduled maintenance jobs | Workflow inputs/outputs may include document IDs and metadata; no document content or PHI in workflow payloads (per platform pattern) | SOC 2 Type II, HIPAA BAA | ✓ |
Contact: Temporal Technologies, Inc., San Francisco, CA
Trust: https://temporal.io/security
Document Conversion
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Gotenberg (self-hosted on Google Cloud Run) | United States (us-west1) | Office document → PDF conversion | Document files in transit (may contain PHI); transient — not persisted | Operated under Glass Box's Google Cloud BAA scope | ✓ (covered by GCP BAA) |
Gotenberg is open-source software self-hosted by Glass Box Solutions on Cloud Run. It is included here in the interest of transparency as a discrete data-processing component.
Email & Notifications
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Resend, Inc. | United States | Transactional email delivery (account, billing, security notifications) | Email addresses, message subject + body (no PHI; no document content) | SOC 2 Type II | N/A — no PHI |
Resend is used only for transactional account email. Adjudica does not send PHI by email.
Error Tracking & Performance
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Functional Software, Inc. (Sentry) | United States | Application error tracking, exception aggregation | Error reports, stack traces; PHI scrubbed at SDK boundary (regex + allowlist on event.user; SSN/DOB/MRN/ADJ-claim-number patterns redacted; breadcrumbs disabled) | SOC 2 Type II, ISO 27001 | N/A — PHI redacted upstream |
Implementation: the redaction logic is in app/lib/sentry-pii.ts and server/lib/sentry-request-scope.ts in the Adjudica codebase.
LLM Observability
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Langfuse GmbH (Langfuse Cloud) | United States | LLM call tracing, prompt versioning, evaluation observability for Glass Box internal review | LLM prompts and completions (may contain PHI for diagnostic purposes) | SOC 2, HIPAA BAA | ✓ |
Note: Langfuse traces may contain PHI for the purpose of reviewing model behavior. Glass Box has executed a HIPAA BAA with Langfuse; Customer PHI in traces is handled under that BAA.
Payment Processing
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| Stripe, Inc. | United States | Subscription billing, payment processing | Billing contact information, payment method tokens; no PHI; no card data stored by Glass Box | PCI DSS Level 1, SOC 2 Type II | N/A — no PHI |
Authentication
| Subprocessor | Location | Purpose | Data Processed | Certifications | BAA |
|---|---|---|---|---|---|
| BetterAuth (self-hosted) | Operated by Glass Box on Cloud Run + PlanetScale | Session-based authentication, organization/team management | Email addresses, password hashes, session tokens | Operated under GCP + PlanetScale BAA scope | ✓ (covered by underlying providers) |
BetterAuth is open-source authentication software run by Glass Box. Authentication data lives in PlanetScale under the existing BAA.
Customer-Authorized Integrations (Not Subprocessors)
The following third parties are not Glass Box subprocessors. They are services that the Customer law firm independently maintains a direct relationship with, and which the Customer authorizes Adjudica to access via OAuth on the firm's behalf. PHI flows directly between the Customer and the integration; Glass Box accesses the data only as the Customer's agent.
| Integration | Purpose | Direction | Customer Responsibility |
|---|---|---|---|
| MerusCase (Paradigm Software) | Case-management system; Adjudica imports documents and case metadata authorized by the Customer firm | Inbound (MerusCase → Adjudica) | Customer firm maintains its own contract / BAA with MerusCase. Adjudica's BAA with the Customer firm covers downstream processing. |
If you are a Customer evaluating this integration, please confirm that your MerusCase agreement permits API access by approved third-party tools, and that PHI access via OAuth is authorized under your internal HIPAA policies.
AI Training Restrictions
All AI subprocessors that may process Customer data — Google (Vertex AI / Gemini / Document AI), Anthropic, OpenAI — are contractually prohibited from:
- Using Customer data to train, fine-tune, or improve foundation models
- Retaining Customer data beyond what is required to process the request
- Sharing Customer data with third parties
This is enforced through executed BAAs and, where applicable, Zero Data Retention (ZDR) addenda or enterprise-tier terms.
Subprocessor Data Handling Summary
PHI Access Matrix
| Subprocessor | PHI Access | BAA Executed |
|---|---|---|
| Google Cloud Platform (hosting + storage + ops) | Yes | Yes |
| PlanetScale (PostgreSQL) | Yes | Yes |
| Google Vertex AI / Gemini | Yes | Yes |
| Google Document AI | Yes | Yes |
| Google Voyage (via Vertex AI) | Yes | Yes (under Vertex AI BAA) |
| Anthropic | Yes | Yes |
| OpenAI | Yes | Yes |
| Temporal Cloud | Metadata only (no document content) | Yes |
| Gotenberg (Cloud Run, self-hosted) | Transient PHI in conversion | Covered by GCP BAA |
| Langfuse | Yes (in traces) | Yes |
| Resend | No | N/A — no PHI |
| Sentry | No (PHI redacted upstream) | N/A — PHI redacted |
| Stripe | No | N/A — no PHI |
Data Flow & Processing Activities
High-Level Data Flow
User Upload
→ Google Cloud Storage (object store)
→ Google Document AI (OCR)
→ PlanetScale PostgreSQL (structured data + pgvector embeddings)
→ AI Processing (Vertex AI / Gemini, with selective use of Anthropic, OpenAI)
→ Analysis Results → User Interface (React Router 7, served by Cloud Run)
Workflow orchestration:
Temporal Cloud (workflow IDs + metadata only — no document content in payloads)
Customer-authorized integration:
MerusCase API → Adjudica (inbound document import via OAuth, on Customer behalf)
Observability:
LLM calls → Langfuse (traces, may include PHI under BAA)
Errors → Sentry (PHI redacted at SDK boundary)
Logs → Google Cloud Operations (PHI scrubbed by Pino redact rules)
Processing Activity by Subprocessor
| Activity | Subprocessors Involved | Data Movement |
|---|---|---|
| Document Upload | GCS, PlanetScale | User → GCS (us-west1) → PlanetScale row metadata |
| OCR / Text Extraction | Document AI | GCS → Document AI → PlanetScale |
| Office → PDF conversion | Gotenberg (self-hosted on Cloud Run) | App → Gotenberg → GCS (transient) |
| AI Analysis | Vertex AI / Gemini, Anthropic, OpenAI | PlanetScale → AI provider → PlanetScale (results) |
| Semantic Embedding | Voyage (via Vertex AI) | PlanetScale → Voyage → PlanetScale (embeddings) |
| Workflow Orchestration | Temporal Cloud | Workflow IDs/metadata only; no document content |
| MerusCase Document Import | MerusCase (customer-authorized) | MerusCase → Adjudica (OAuth-bound) |
| LLM Tracing | Langfuse | Adjudica → Langfuse (BAA-covered) |
| Error Tracking | Sentry | Adjudica → Sentry (PHI redacted) |
| Email Notifications | Resend | Adjudica → Resend → User email (no PHI) |
| Billing | Stripe | Adjudica → Stripe (no PHI) |
Geographic Boundaries: All Customer data processing occurs within United States data centers. No cross-border transfers.
Regional Data Storage
Primary Region
- Application + Storage: Google Cloud us-west1 (Oregon)
- Database: PlanetScale PostgreSQL — AWS us-west-2 (Oregon)
- AI processing endpoints: Google Cloud us-west1 and us-central1
Disaster Recovery
- Database backups retained per PlanetScale's continuous backup; encrypted in PlanetScale-managed AWS infrastructure
- Object storage versioning + cross-region replication within United States only
Note: Glass Box does not store or process Customer data outside the United States.
Notification of Changes
Pursuant to our Data Processing Agreement:
- New Subprocessors: Customers will receive at least 30 days' notice before a new subprocessor begins processing Customer data
- Objection Period: Customers may object to a new subprocessor within 15 days of notification
- Updates: This list will be updated when subprocessors are added or removed; the "Last Updated" date and version number above will be incremented
How We Notify
- Email to registered account owner
- In-app notification banner
- Update to this page with highlighted changes
Subscribe to Updates
To receive email notifications of subprocessor changes:
- Email: privacy@adjudica.ai
- Subject: Subprocessor Updates Subscribe
- Include: Company name, contact email
Customer Right to Object
If you object to a new subprocessor:
Step 1: Submit Objection (within 15 days of notification)
- Email: privacy@adjudica.ai
- Subject: Subprocessor Objection - [Subprocessor Name]
- Include: Reason for objection, any alternative solutions you propose
Step 2: Provider Response (within 10 business days)
- We will either:
  - Work with you to address concerns (additional safeguards, contract modification)
  - Provide an alternative technical solution where feasible
  - Discuss transition options if no agreement can be reached
Step 3: Resolution
- If concerns addressed: New subprocessor proceeds with additional safeguards
- If no resolution: You may terminate services per the Data Processing Agreement termination provisions
Valid Objection Grounds
- Security or privacy concerns specific to the subprocessor
- Regulatory compliance conflicts
- Jurisdictional restrictions
- Contractual conflicts with your own obligations
Due Diligence
Before engaging any subprocessor, Glass Box Solutions conducts:
- Security Assessment — Review of SOC 2 / ISO 27001 reports, security questionnaire, penetration test results where available
- Privacy Assessment — Data handling practices review, privacy policy evaluation, CCPA/HIPAA compliance verification
- Contractual Requirements — Data Processing Agreement, BAA where PHI is processed, confidentiality and audit-rights provisions
- Ongoing Monitoring — Annual review, certification renewal verification, incident notification monitoring
Regulatory Compliance Mapping
HIPAA — Business Associate Agreements
All subprocessors that process PHI on Glass Box's behalf have an executed Business Associate Agreement on file. Customers may request copies subject to the subprocessor's confidentiality requirements.
| Subprocessor | BAA Status | Verification Cycle |
|---|---|---|
| Google Cloud Platform (hosting, storage, ops, AI) | ✓ Executed | Annual |
| PlanetScale | ✓ Executed | Annual |
| Anthropic | ✓ Executed | Annual |
| OpenAI | ✓ Executed | Annual |
| Temporal Cloud | ✓ Executed | Annual |
| Langfuse | ✓ Executed | Annual |
CCPA / CPRA — Service Provider Designation
All subprocessors processing Customer personal information are designated as "Service Providers" under California Civil Code §1798.140(ag). Each is bound by:
- ✓ Written contract with enumerated business purposes
- ✓ Prohibition on selling, sharing, or retaining personal information for any purpose other than the contracted service
- ✓ Prohibition on combining data with information from other sources
- ✓ Certification of understanding obligations
- ✓ Right of audit
SOC 2 — Subprocessor Attestations
Glass Box collects and reviews each subprocessor's most recent SOC 2 Type II attestation. Reports are available to Customers under NDA upon request to compliance@adjudica.ai.
Incident Response & Breach Notification
Subprocessor Obligations
All PHI-processing subprocessors are contractually required to:
- Notify Glass Box Solutions within 24–48 hours of becoming aware of any security incident
- Provide incident details (nature, data affected, mitigation steps)
- Cooperate with investigation (forensics, root cause, remediation)
- Implement corrective measures
Glass Box Response
Upon subprocessor breach notification:
- Within 24 hours: Customer-data impact assessment; internal investigation begins; containment measures implemented
- Within 72 hours: Notify affected Customers per BAA / DPA terms; provide summary and impact assessment
- Ongoing: Root-cause analysis, additional safeguards, regular Customer updates, re-evaluation of subprocessor relationship if warranted
Audit Rights
Customer Audit Rights
Pursuant to the Data Processing Agreement and BAAs:
Customers may:
- Request subprocessor security certifications (SOC 2, ISO 27001)
- Request subprocessor BAA confirmations
- Conduct annual audit of Glass Box's subprocessor management program
- Request evidence of subprocessor due diligence
Limitations:
- Direct audits of subprocessors require subprocessor consent
- NDA required for confidential information
- Audit frequency limited per DPA (typically annual)
How to request: Email compliance@adjudica.ai with subject "Subprocessor Audit Request"
Subprocessor Change History
| Date | Version | Change | Notes |
|---|---|---|---|
| 2026-01-25 | 1.0 | Initial publication | — |
| 2026-05-04 | 1.1 | Reconciled to actual production stack | Added PlanetScale (replaces Cloud SQL), Anthropic, OpenAI, Voyage, Temporal Cloud, Langfuse, Gotenberg, BetterAuth; replaced SendGrid with Resend; moved MerusCase to Customer-Authorized Integrations; clarified Sentry redaction posture |
Questions
- Privacy Team: privacy@adjudica.ai
- Security Team: security@adjudica.ai
- Compliance: compliance@adjudica.ai
- DPA / BAA Questions: legal@glassboxsolutions.com
Support hours: Monday–Friday, 9am–5pm Pacific Time
Emergency security contact: security@adjudica.ai (24/7 monitored)