Sub-processors
Last updated: 2026-06-01
PMHNP Hiring is operated by Akari Labs LLC (30 North Gould Street, Sheridan, WY 82801, United States). To operate the service, Akari Labs LLC engages a small set of third-party service providers ("sub-processors"). Each sub-processor only receives the data necessary for its specific function and is bound by a Data Processing Agreement that mirrors the protections in our Privacy Policy.
We notify customers of material changes to this list at least 30 days before they take effect via a banner on this page and (for active employer accounts) an email to the billing contact.
Active sub-processors
Vercel, Inc.
Purpose
Application hosting, edge functions, performance telemetry (Speed Insights)
Data shared
IP address, request metadata, performance vitals (only after consent)
Processing location
United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
Supabase, Inc.
Purpose
Database, authentication, file storage (resumes, profile assets)
Data shared
Account credentials, profile data, application data, uploaded files
Processing location
United States (us-east-1)
Transfer mechanism
Standard Contractual Clauses (SCCs)
Stripe Payments Europe, Ltd.
Purpose
Payment processing for employer job postings (hosted Checkout)
Data shared
Billing email, billing country, payment metadata. Card data is captured directly by Stripe and never touches our servers.
Processing location
European Union & United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
Resend, Inc.
Purpose
Transactional email (account, application, alert) and marketing email (job alerts)
Data shared
Recipient email address, message content, delivery metadata
Processing location
United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
Google LLC (Google Analytics 4)
Purpose
Aggregate usage analytics to understand how visitors use the site
Data shared
Anonymized IP, user agent, page views, custom events. Loaded only after explicit analytics consent (Consent Mode v2). Ads/personalization signals stay disabled.
Processing location
United States & global Google infrastructure
Transfer mechanism
Standard Contractual Clauses (SCCs); IP anonymization enabled
Functional Software, Inc. (Sentry)
Purpose
Application error monitoring (build-time wired; client init currently disabled)
Data shared
Stack traces, request URL, anonymized user identifier (when active)
Processing location
United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
OpenAI, L.L.C.
Purpose
AI résumé parsing (auto-fill profile from an uploaded résumé) and candidate/job embedding generation for semantic search and personalized recommendations
Data shared
Résumé text (name, contact details, work history, education, licenses, NPI/DEA numbers); candidate profile synopsis (headline, bio, specialties, certifications, licensed states, years of experience). Processed in-flight; not used to train OpenAI models under the API data-usage policy.
Processing location
United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
Upstash, Inc. (Redis)
Purpose
Serverless Redis for HTTP rate limiting, AI response caching (to avoid duplicate LLM calls), and ingest-pipeline cross-chunk job-presence aggregation
Data shared
IP address (rate-limit keys); pseudonymous user/tenant identifiers (AI rate-limit keys); cached AI response content which may include structured candidate data extracted from résumés (TTL-bounded, keyed by a hash of inputs)
Processing location
United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
Inngest, Inc.
Purpose
Durable background job execution: embedding-refresh jobs (on profile/job update), daily recommendation generation, weekly recommendation-digest emails, and job-health recovery probes
Data shared
Event payloads include a pseudonymous user identifier (UUID) and job identifiers/apply-link URLs. The recommendation-digest function processes candidate email address and first name within its step executions.
Processing location
United States
Transfer mechanism
Standard Contractual Clauses (SCCs)
Cross-border transfers
Several of our sub-processors are based in the United States. Where personal data of residents of the European Economic Area, the United Kingdom, or Switzerland is transferred outside its country of origin, the transfer is governed by the European Commission's Standard Contractual Clauses (SCCs) included in each sub-processor's DPA, supplemented by additional safeguards (encryption in transit and at rest, IP anonymization for analytics, and access controls).
Questions or DPA requests
If you are an employer customer and need a counter-signed Data Processing Addendum, or you have any question about this list, contact privacy@pmhnphiring.com.
