Back to Trust
Subprocessors
Every third party with access to data flowing through ClarioScope is listed here. When we add or remove a subprocessor, this page is updated; we encourage practices to subscribe to changes via the email address at the bottom.
Last reviewed: May 15, 2026
| Subprocessor | Purpose | Data shared | BAA | Region |
|---|---|---|---|---|
| Anthropic | Claude API — reasoning, synthesis, and the AI receptionist's language model. | Prompt context (practice profile, agent script, conversation transcripts). No PHI in core paths. | Yes | United States |
| OpenAI | Diagnostic scan analysis and selected content generation. | Public website content scraped for the scan, practice profile fields. No PHI. | Not required | United States |
| ElevenLabs | Voice synthesis and conversational voice agent runtime for the AI receptionist. | Agent instructions, voice prompts, call audio, transcripts. | Yes | United States |
| BeautyCrew (operated by Bralvio LLC) | Backend voice/SMS runtime that powers the AI receptionist. | Call transcripts, dispositions, and message events. Same legal entity as ClarioScope. | Yes (intra-entity) | United States |
| Stedi | Real-time insurance eligibility verification (X12 270/271). | Patient name, date of birth, and insurance member ID — only when the practice initiates a verification. | In activation | United States |
| Stripe | Subscription billing and payment processing for practice clients. | Billing contact, payment method tokens. No PHI; no patient-facing payment flows on this account. | Not required | United States |
| Amazon Web Services (AWS) | Underlying compute, database, and object storage via Laravel Cloud. | All platform data at rest, encrypted via AWS server-side encryption. | Yes | US-East-1 (N. Virginia) |
| Laravel Cloud | Application hosting platform (runs on AWS). | All platform data flowing through the application tier. | Yes (via underlying AWS BAA) | US-East-1 (N. Virginia) |
| Firecrawl | Public website scraping for the diagnostic scan. | Only public web pages explicitly provided by the practice or prospect (their own URL). | Not required | United States |
Subscribe to subprocessor changes
We notify practice clients in advance of any change to this list. Email security@clarioscope.ai to be added to the notice list.