Legal

Subprocessors

Effective: May 10, 2026

OneExpert engages a small set of vetted third-party providers. The credentialing application and all customer records live in a dedicated Google Cloud Platform environment; the public marketing site is a separate, lightweight property. OneExpert processes professional credentialing information about dental providers (license, NPI, DEA, malpractice). We do not process patient health information in the ordinary course of business.

How we evaluate subprocessors

Before onboarding a vendor that may access customer data, we assess: (a) the necessity of the engagement, (b) the vendor's security posture (e.g., SOC 2, ISO 27001, HIPAA-readiness), (c) data residency and transfer mechanisms, (d) availability of a BAA where PHI is involved, and (e) data-deletion and breach-notification commitments. Each engagement is reviewed periodically.

Customer notification

If your agreement with us includes a right to be notified of new subprocessors, we will provide that notice as set out in the agreement. Customers may object to a new subprocessor on reasonable grounds related to data protection by emailing legal@oneexpert.ai. If we cannot accommodate the objection, you may terminate the affected service in accordance with the agreement.

Current subprocessors

Vendors are listed below grouped by the property they support. Internal architecture, deployment topology, and per-vendor data-flow details are available to current customers under NDA on request.

Application — app.oneexpert.ai

The credentialing application where authenticated customers and OneExpert staff manage provider records and submissions.

VendorPurposeRegionPHI
Google Cloud Platform
Privacy terms
Application hosting and storage infrastructureUnited StatesNo PHI

Public website — oneexpert.ai

The marketing site you are reading now. It does not store customer accounts or provider records.

VendorPurposeRegionPHI
Vercel, Inc.
Privacy terms
Public marketing-site hosting onlyUnited StatesNo PHI
Google LLC
Privacy terms
Aggregate visitor analytics for the marketing siteUnited StatesNo PHI
Logo.dev
Privacy terms
Third-party brand-logo imagery on the marketing siteUnited StatesNo PHI

Insurance payers and verification entities

When you engage OneExpert to submit credentialing applications, we transmit relevant data directly to the dental insurance payers, networks, primary source verification services, and government agencies (e.g., DHCS for Denti-Cal, NPPES, CAQH ProView) you have asked us to interact with on your behalf. These entities are independent controllers of the information you submit through them and are not OneExpert subprocessors.

Business Associate Agreements

Subprocessors that may process Protected Health Information operate under a Business Associate Agreement with OneExpert. For details on our HIPAA posture, see the HIPAA Notice.

Contact

Subprocessor questions or objections: legal@oneexpert.ai.