Subprocessors
Linkd HQ — A product of DesignedIT Inc.
Last updated March 15, 2026
This page lists every third-party company that processes customer or end-user data on behalf of Linkd HQ. We notify customers at least 30 days before adding new subprocessors that handle personal data. To subscribe to change notifications, email contact@designedit.org with subject “Subprocessor Updates.”
Google Cloud Platform — cloud.google.com
Purpose — Core infrastructure including database (Firestore), file storage (Cloud Storage), serverless functions (Cloud Functions), and hosting. All customer data at rest lives here.
Data processed — All Customer Content, conversation logs when enabled, form submissions, leads, support tickets, metadata, and system logs.
Location — US (default)
HIPAA BAA — Signed
OpenAI — openai.com
Purpose — AI inference only. When a visitor sends a message the query text is processed in real time to generate a response, then immediately discarded. Nothing is stored.
Data processed — Query text only, ephemeral. Zero data retention policy. Never used for model training. No Customer Content or PHI retained by OpenAI at any point.
Location — US
HIPAA BAA — Signed
Clerk — clerk.com
Purpose — User authentication and identity management for clinic admin accounts. Handles login, session management, MFA, and email OTP verification.
Data processed — Admin name, business email, login events, session tokens. No patient data, no health information, no Customer Content.
Location — US
HIPAA BAA — Not required, no PHI processed
Stripe — stripe.com
Purpose — Payment processing for subscription billing. Linkd never stores payment card information directly.
Data processed — Billing name and payment details processed and stored by Stripe, not by Linkd. No patient data, no health information.
Location — US
HIPAA BAA — Not applicable, no PHI processed
Pinecone — pinecone.io
Purpose — Vector database for semantic search. Customer-uploaded knowledge base documents are converted to vector embeddings and stored here to power chatbot responses.
Data processed — Vector embeddings of Customer Content only. No patient data, no conversation content, no personal health information.
Location — US
HIPAA BAA — Not required, no PHI processed
Data flow
When a patient sends a message to a clinic's chatbot — Patient message → Linkd servers (Google Cloud) → OpenAI inference (ephemeral, zero retention) → Response returned → If logging is enabled: conversation written to Firestore (Google Cloud), with automated sensitive information detection applied first, and permanently deleted after 30 days.
- Stripe never touches patient or conversation data.
- Clerk never touches patient or conversation data.
- OpenAI never retains any data.
- Google Cloud stores data only under a signed HIPAA BAA.
- Pinecone stores only mathematical vector representations of uploaded documents, not patient or conversation data.
Changes to this list
When we add, remove, or change a subprocessor handling personal data, we update this page and notify active customers by email at least 30 days before the change takes effect. Customers who object to a new subprocessor may contact contact@designedit.org to discuss alternatives.
Questions — contact@designedit.org