UASecure

Draft, pending counsel review.

UASecure is preparing this documentation for licensed-counsel review. The text below reflects our intended terms and is binding on use of the service, but it has not yet been certified by counsel. If you have questions, email legal@uasecure.com.

Sub-Processors

Last updated: 2026-05-25

We engage the following sub-processors to operate UASecure. Each handles a specific category of data for a specific purpose. We are responsible for their compliance with our DPA at /dpa.

Sub-processor Data processed Purpose When it applies
Neon Account, mission, hangar, crew, billing metadata Primary application database Always
Vercel Account, mission, blob assets, request logs Application hosting, blob storage, edge functions Always
Stripe Email, billing address, last 4 of card, transaction history Payment processing, subscription management, sales tax computation When the customer subscribes
SendGrid Email, account metadata Transactional email (sign-up confirmation, password reset, billing notifications) Active provider when SENDGRID_API_KEY is configured (the current default)
Resend Email, account metadata Transactional email (failover when SendGrid is not configured) Active provider when SENDGRID_API_KEY is unset and RESEND_API_KEY is configured
Mapbox Map tile requests (IP at request time) Map rendering and geocoding When the customer renders a map or geocodes an address
Sentry Email, IP, user agent, stack traces, server-side request bodies and local variables Server-side and consent-gated client-side error monitoring Server-side: always. Browser: only when the visitor has granted Analytics consent.
Google Analytics 4 Cookie identifier, page views, referrer (GA4 does not store IP addresses) Marketing analytics Only when the visitor has granted Analytics consent

Not sub-processors

The following services are public APIs the platform consumes; they do not receive customer Personal Data and are therefore not sub-processors under our DPA:

  • NOAA api.weather.gov
  • FAA UDDS (UAS Data Delivery System)
  • FAA TFR (Temporary Flight Restrictions)
  • FAA LAANC (Low Altitude Authorization and Notification Capability)

Updates to this list

We post additions and removals on this page. Material additions (those that expand the categories of Personal Data processed) are announced with at least 30 days' advance notice via email and the in-app message center.

Contact

For sub-processor inquiries and objections, contact legal@uasecure.com.