Skip to content

TRUST & POLICIES

Sub-processors

Last updated: April 15, 2026

We use a small set of trusted vendors to deliver Mumm. This page lists every one that processes user data on our behalf, what they see, and where they store it. We update this page before adding a new sub-processor.

On this page
  1. Infrastructure
  2. AI and LLM
  3. Payments
  4. Communication channels
  5. Observability
  6. Changes to this list

Infrastructure

Vercel (USA)
Application hosting + CDN. Sees: HTTP request metadata, cached page bodies. Does not store database content.
Supabase (USA)
Postgres database, authentication, object storage, Realtime. Sees: all stored data. BAA executed (covers PHI).
Upstash (USA)
Redis-compatible cache and rate-limit store. Sees: short-lived keys, idempotency tokens, rate counters. No PHI.
Inngest (USA)
Durable workflow runner. Sees: function payloads (negotiation IDs, user IDs, event metadata). No raw PHI.

AI and LLM

Anthropic (USA)
LLM inference for the buyer agent (per doc 31). Sees: negotiation context, redacted message history, the agent's tool descriptions. BAA executed (covers PHI in medical-bill negotiations).
Mistral (EU)
OCR and document extraction (per doc 34). Sees: uploaded bill images and the extracted text. Used only for non-medical documents until BAA is in place.

Payments

Stripe (USA)
Payment processing, Connect transfers to merchants. Sees: customer payment-method data (PCI-DSS scope), merchant payout details, Mumm fees. BAA executed for PHI-related transactions.

Communication channels

Resend (USA)
Transactional email + inbound parsing for merchant negotiation threads. Sees: outbound and inbound email content. BAA in progress; medical-bill email gated on completion.
Twilio (USA)
SMS delivery and short-code provisioning for merchant chat. Sees: SMS body, recipient number. BAA in progress; medical-bill SMS gated on completion.
Retell (USA)
Voice agent platform for outbound merchant calls. Sees: call transcript, recording, merchant phone number. Recordings retained per the user's account preferences (per doc 19).

Observability

Sentry (USA)
Error tracking. Sees: stack traces, user ID, request ID. PII is scrubbed; PHI is sanitized before logging (per doc 41).
Axiom (USA)
Structured log retention. Sees: every API request, agent tool call, and webhook receipt. PII / PHI not logged (per doc 41 §Privacy).
PostHog (USA)
Product analytics + feature flags. Sees: anonymized event stream, feature-flag distinct IDs. IP address last-octet anonymized before storage (per doc 43 §Privacy by design).

Changes to this list

We update this page before onboarding a new sub-processor. Material changes (new vendor in a new category, change in country of processing) are notified to active customers at least 30 days in advance unless the change is required by law or breaks an active security threat.

Questions? Email privacy@trymumm.com.