01 Overview

This page lists the third-party subprocessors that CHAIRSIDE relies on to deliver the Service. Transparency about how patient data flows through our infrastructure is core to how we operate, and this page is the authoritative source for which third parties may handle your practice's data on our behalf.

In Plain Terms: Three companies help us deliver CHAIRSIDE: Amazon Web Services hosts our infrastructure, Anthropic provides AI processing, and Sikka Software provides practice management system integration. CHAIRSIDE has executed a Business Associate Agreement with AWS, has executed or is in the process of executing a BAA with Anthropic, and Sikka Software provides its BAA directly to your practice as part of the practice authorization process. Each subprocessor is bound by contractual obligations to handle data appropriately.

02 What is a Subprocessor?

A subprocessor is a third-party service provider that CHAIRSIDE engages to help deliver the Service and that may, in the course of providing its services, process Customer Data, including Protected Health Information (PHI).

Under HIPAA, a subprocessor is a "Subcontractor" of a Business Associate. CHAIRSIDE is the Business Associate of your practice (the Covered Entity), and any subprocessor that handles PHI on our behalf becomes a Subcontractor Business Associate, bound by HIPAA's flow-down requirements.

Each subprocessor listed below has executed a written agreement with CHAIRSIDE that includes:

  • Confidentiality and non-disclosure obligations
  • Appropriate technical and organizational security safeguards
  • A HIPAA Business Associate Agreement where the subprocessor handles PHI
  • Restrictions on use of data — only for the specific function performed
  • Breach notification obligations

03 Current Subprocessors

The following subprocessors are engaged by CHAIRSIDE as of the effective date above:

Amazon Web Services (AWS)
Amazon Web Services, Inc.
BAA · USA
Function: Cloud infrastructure provider. Hosts CHAIRSIDE application servers, database, encrypted object storage, and supporting infrastructure.
Data Accessed: All Customer Data and PHI processed by the Service is stored within AWS infrastructure (encrypted at rest and in transit).
HQ: Seattle, Washington, USA

Anthropic
Anthropic, PBC
BAA IN PROGRESS · USA
Function: AI processing. Provides the large language model that powers CHAIRSIDE's AI-assisted features.
Data Accessed: Structured and unstructured PHI necessary to generate the requested AI output. Anthropic does not retain or train on practice PHI.
BAA Status: CHAIRSIDE has executed or is in the process of executing a HIPAA Business Associate Agreement with Anthropic for HIPAA-ready API access with Zero Data Retention enabled. The BAA will be in place prior to any customer practice onboarding.
HQ: San Francisco, California, USA

Sikka Software
Sikka Software Corporation
BAA DIRECT WITH PRACTICE · USA
Function: Practice management system integration.
Data Accessed: Patient records, clinical notes, scheduling data, billing records, insurance information, and dental imaging extracted from your practice management system.
BAA Status: Sikka Software provides its HIPAA Business Associate Agreement directly to your practice as part of the practice authorization process during onboarding. Your practice will hold a BAA with Sikka and a separate BAA with CHAIRSIDE. CHAIRSIDE does not act as an intermediary for Sikka's BAA.
HQ: San Jose, California, USA

04 Notification of Changes

When CHAIRSIDE adds or replaces a subprocessor that will handle Customer Data or PHI, we will:

  • Update this page with the new subprocessor's information
  • Notify subscribed practices via email at least thirty (30) days in advance of the new subprocessor going live
  • Execute a HIPAA Business Associate Agreement with the new subprocessor before any PHI is shared
  • Conduct security and privacy due diligence appropriate to the data the subprocessor will handle

Material changes — such as adding a new subprocessor that processes PHI — will be communicated proactively. Minor changes — such as a subprocessor's address or corporate name change — will be reflected on this page without separate notification.

05 Customer Right to Object

If your practice has a reasonable, good-faith objection to a new subprocessor based on data protection or compliance concerns, you may notify CHAIRSIDE in writing within thirty (30) days of receiving notification of the new subprocessor.

Upon receiving such notice, CHAIRSIDE will work with you in good faith to resolve the concern, which may include providing additional information about the subprocessor's safeguards, or, if no resolution can be reached, allowing you to terminate the affected portion of your subscription without penalty.

How to Object: Send written notice of any objection to support@bit9itsolutions.com with the subject line "Subprocessor Objection" within 30 days of our notification.

06 Contact

Questions about CHAIRSIDE's subprocessors, BAAs with subcontractors, or our data protection practices?

Bit9 IT Solutions LLC d/b/a CHAIRSIDE · Colorado · USA