Legal
Subprocessors and model providers
This page lists providers that may process personal information or health data for Murph when a hosted feature, integration, or user-directed workflow uses that provider. Some providers apply only when you enable the related feature.
Last updated: April 29, 2026. Material changes to providers that process health data will be reflected here and, where required by law or contract, notified to users.
Download PDF| Provider | Service | Data categories | Country/region | Trains on Murph data? | Retention | Role |
|---|---|---|---|---|---|---|
| Vercel | Hosted web deployment, pointer-only Workflow-managed runner nudge retries, edge/runtime infrastructure, and optional web analytics. | Account, device/browser, operational, hosted-control-plane, opaque workflow input such as mailbox item identifiers and source labels, workflow event logs, and retry metadata. Provider webhook message bodies and verification secrets are not Workflow inputs. | United States / global infrastructure | No | Service logs, workflow state, and analytics per Vercel settings and Murph retention rules. | Subprocessor |
| Cloudflare | Hosted execution, Workers, Durable Objects, object storage, logs, and security. | Encrypted stored workspace data, transient execution content needed to run requested hosted workflows, execution metadata, runtime logs, and operational artifacts. | United States / global infrastructure | No | Execution artifacts and logs per Murph retention rules and deployment settings. | Subprocessor |
| Deployment-specific Postgres provider | Hosted database selected by the deployment through DATABASE_URL. | Hosted member, routing, billing reference, mailbox, workspace checkpoint, and operational records. | Deployment-specific | No | Per Murph retention targets and deployment-specific database backup settings. | Subprocessor |
| Privy | Hosted authentication, identity tokens, linked accounts, and embedded-wallet support. | Identity, account, linked-account, wallet, and authentication metadata. | United States / global infrastructure | No | Per Privy service settings and Murph account-retention rules. | Subprocessor |
| Stripe | Checkout, subscription billing, invoices, tax/accounting records, and payment events. | Billing contact, customer, subscription, checkout, invoice, payment status, and metering metadata. | United States / global infrastructure | No | Billing records retained for legal, tax, accounting, and dispute needs. | Subprocessor |
| Vercel AI Gateway | AI inference for requested assistant, summarization, extraction, and automation features. | Prompts, messages, files, health context, tool context, and outputs needed for the requested feature. | Provider-specific | No for Murph health data | Limited to service delivery, security, and troubleshooting where contract or configuration allows. | Model provider / subprocessor |
| Configured AI model providers | Underlying model providers configured through the hosted assistant gateway for requested AI features. | Prompts, messages, files, health context, tool context, and outputs needed for the requested feature. | Provider-specific | No for Murph-managed health data. Murph does not route health data to configured model providers unless no-training controls are in place. If a user supplies their own provider account, API key, or self-hosted configuration, that provider's own settings and terms may apply. | Limited to service delivery, security, and troubleshooting under applicable provider controls. | Deployment-configured model provider |
| Linq | User-directed messaging, message delivery, attachment retrieval, and webhook ingress. | Messaging identifiers, routing metadata, message content, attachments, delivery status, and webhook metadata. | Provider-specific | No | Per enabled messaging feature, provider policy, and Murph retention rules. | Messaging provider |
| Telegram | User-directed Telegram messaging, file retrieval, delivery status, and webhook ingress. | Telegram identifiers, routing metadata, message content, attachments, delivery status, and webhook metadata. | Provider-specific | No | Per enabled messaging feature, provider policy, and Murph retention rules. | Messaging provider |
| AgentMail | Optional email inbox, email sync, attachment retrieval, and outbound email delivery. | Email address, message headers, message content, attachments, thread metadata, and delivery status. | Provider-specific | No | Per enabled email feature, provider policy, and Murph retention rules. | Email provider |
| Oura, WHOOP, Garmin, Strava, and similar wearable providers | Optional user-authorized wearable, activity, and wellness data sync. | Connection metadata, provider account identifiers, activity, sleep, recovery, body-state, and physiological data authorized by the user. | Provider-specific | No for Murph-directed processing | Per active integration, provider policy, and Murph retention rules. | Connected service / integration provider |
| Mapbox | Optional routing, geocoding, directions, and map enrichment requested by the user. | Route inputs, approximate locations, directions requests, and operational metadata. | Provider-specific | No for Murph health data | Temporary request processing under Murph feature limits and provider policy. | Feature provider / subprocessor |
| Configured search providers | Optional user-requested search, retrieval, or source-discovery features. | Feature-specific search queries, result snippets, source URLs, health context needed for the requested feature, and operational metadata. | Provider-specific | Murph does not send health data to search providers unless the feature requires it, the user requests it, and applicable no-training/no-secondary-use controls are in place. | Limited to service delivery, security, and troubleshooting under applicable provider controls. | Deployment-configured feature provider |
| Deployment-configured transcription and parsing providers | Optional transcription, parsing, routing, or enrichment features requested by the user. | Feature-specific prompts, files, audio, extracted text, and operational metadata. | Provider-specific | No for Murph-managed health data when applicable no-training controls are in place. | Limited to service delivery, security, and troubleshooting under applicable provider controls. | Deployment-configured feature provider |
Connected services may also process data as independent providers under their own privacy policies when you choose to connect or share data with them. The Murph Privacy Policy explains those boundaries and how to exercise privacy rights.