ClinicsDoctorsTreatmentsResourcesWho we areTry PATHThe third-party services fertilityPATH uses to operate. We publish this register so you can see exactly who processes your data, where, and under what transfer safeguards.
We engage a small number of service providers to operate fertilityPATH. The list below is updated whenever we add, remove, or change a subprocessor. We commit to notifying registered users by email before any material change takes effect, so you have an opportunity to object before your data flows to a new provider.
Last reviewed: 29 May 2026. Some region details are pending confirmation from the vendor consoles and will be finalised in the next review.
| Vendor | Purpose | Data | Location | Transfer mechanism |
|---|---|---|---|---|
| Supabase | Authentication, Postgres database, file storage | Account credentials, profile, chat history, uploaded documents | EU (region to be confirmed) | Supabase DPA — SCCs apply if non-EU region |
| OpenAI | LLM inference for the PATH agent | Chat messages, plus the allow-listed profile fields injected into agent context (see orchestrator.py) | United States | OpenAI API DPA + Standard Contractual Clauses (Schrems II Transfer Impact Assessment required) |
| Tavily | Web search infrastructure — used when PATH looks up information from authoritative medical sources (HFEA, ESHRE, ASRM, NICE, CDC) | Search query text only; no user identity, profile, or chat history | United States | EU-US Data Privacy Framework / Standard Contractual Clauses |
| Pinecone | Vector search for clinical-guideline retrieval (RAG) | Embeddings of clinical questions; no direct PII | United States | Pinecone DPA + Standard Contractual Clauses |
| Stripe | Subscription billing and payment processing | Email, payment method, billing address (entered on Stripe's hosted Checkout — never touches our servers) | United States / EU | Stripe DPA (includes SCCs) |
| Vercel | Frontend hosting and edge delivery (this site + the patient app) | Anonymised request logs, edge cache | US / EU edge network | Vercel DPA |
| Render | Backend API hosting (FastAPI + LangGraph) | All API request data, agent traces | Region to be confirmed (EU regions available) | Render DPA |
| Google Analytics 4 | Anonymous site analytics on the public directory (consent-gated) | Page views, anonymised IP, referrer | United States | Google Ads/Analytics DPA + Standard Contractual Clauses |
| YouTube (Google) | Embedded clinic introduction videos on some clinic pages — loaded via the privacy-enhanced youtube-nocookie.com domain, and only after the visitor clicks play | IP address, device/browser data and viewing activity, sent to YouTube only once a visitor plays an embedded video | United States | Google Ads/Analytics DPA + Standard Contractual Clauses |
If you have a question about any of these providers, or you would like to object to a specific subprocessor processing your data, contact info@fertilitypath.app. We aim to respond within 7 days.
