Sub-Processors

Piper relies on the following categories of third-party service providers to deliver the Piper SaaS platform. We list these by category rather than by specific vendor name. We update this page when our service categories materially change.

Cloud infrastructure provider

We use a major commercial cloud provider for hosting, data storage, and at-rest encryption. Agent data and OAuth tokens reside in the provider's US-based data centers under encryption keys managed by Bigweld.

Identity provider

We use a managed identity service for agent authentication. The identity provider receives the agent's email address and authenticates the agent on each sign-in. The identity provider does not receive appointment, calendar, or PHI data.

Email delivery service

We use a third-party transactional email service to send platform notifications to agents, such as security alerts, password resets, and operational notices. The email service receives the agent's email address and the contents of the messages we send. It does not receive appointment data, calendar contents, or PHI.

Application monitoring and error reporting

We use a third-party application-monitoring and error-reporting service to capture exceptions, performance traces, and diagnostic logs from Piper's frontend and backend. The service may receive technical metadata such as stack traces, error messages, request paths, browser and device information, and the identifier of the affected user. Piper is configured to send only the technical metadata required to diagnose errors; appointment data, calendar contents, and PHI are not intentionally transmitted to the service.

Customer support tooling

We use third-party tools to manage support tickets and incident response. These tools may receive an agent's email address and a description of the issue submitted, but do not receive appointment data, calendar contents, or PHI.

Analytics service

We use a third-party analytics service to derive coarse geographic information (such as country, region, and city) from agent IP addresses, which we use for security review, fraud detection, and aggregate usage reporting. The analytics service receives the IP address associated with each lookup; it does not receive appointment data, calendar contents, or PHI.

AI processing service

We use a hosted AI/ML service to power AI-assisted features inside Piper, such as content summarization, drafting assistance, and search. The AI service receives the prompts and contextual data needed for each request and returns the generated output. The service does not use Piper's data to train its models. Where AI features may process information that constitutes PHI, the service is operated under a HIPAA business associate agreement.

Quoting and enrollment platform

We integrate with a third-party quoting and enrollment platform to retrieve Medicare and life-insurance plan quotes and to submit applications on behalf of consumers. The platform receives the consumer information needed to generate quotes or complete enrollment, including identifiers and, where applicable, health-related information.

Mapping service

We use a third-party mapping service to render maps and resolve addresses inside Piper. The mapping service receives the location strings or coordinates Piper sends it for rendering. It does not receive appointment context, agent identifiers, or other contextual data that would associate a location with health-related information.

Insurance producer licensing registry

We use an industry-wide insurance producer licensing registry to verify and synchronize agent licensing information. The registry receives the producer identifiers needed to perform a license lookup. It does not receive appointment data, calendar contents, or PHI.

Related

For the broader picture of how Piper handles information, see the Piper Privacy Policy.