Sub-processor List

The third-party services Jettson.dev uses to deliver the Service, what they do, and where to read their policies.

Last updated: May 15, 2026 · Version 1.0

The table below lists the sub-processors Jettson currently uses to provide the Service. Each one is bound by data-protection terms with us, including a confidentiality obligation and (where applicable) the EU Standard Contractual Clauses.

Current sub-processors

| Sub-processor | Service provided | Location | Data categories | Policy | | --- | --- | --- | --- | --- | | Vercel Inc. | Web hosting, serverless functions, image optimization, edge network | USA | Visitor IP, account info, page-view metadata, request logs | vercel.com/legal/privacy-policy | | Fly.io (Hashicorp via Fly.io Inc.) | Compute and isolated containers for agent runs (multi-region: iad, lhr, syd) | USA, UK, Australia | Agent task prompts at execution time, ephemeral workspace contents | fly.io/legal/privacy-policy | | Google LLC / Firebase | Authentication, Firestore database, Cloud Storage | USA | Account, agent metadata, memory records, audit logs | firebase.google.com/support/privacy | | Stripe, Inc. | Payment processing, subscription billing, tax handling | USA | Billing name, address, card token, transaction history | stripe.com/privacy | | Anthropic PBC | LLM inference (Claude) for agent reasoning | USA | Agent prompts, tool definitions, intermediate reasoning, agent outputs | anthropic.com/legal/privacy | | OpenAI, L.L.C. | LLM inference (GPT) for selected workflows | USA | Agent prompts, tool definitions, intermediate reasoning, agent outputs | openai.com/policies/privacy-policy | | Voyage AI Innovations Inc. | Embedding generation for memory semantic search | USA | Memory content at indexing time | voyageai.com/legal/privacy | | Resend, Inc. | Transactional and (with consent) marketing email delivery | USA | Email addresses, delivery logs, link clicks | resend.com/legal/privacy-policy | | Cloudflare, Inc. (via providers) | DNS, anti-bot, edge protection | USA | Request metadata | cloudflare.com/privacypolicy |

If Jettson uses additional infrastructure that incidentally processes personal data (e.g. monitoring, error tracking), it will be added here within a reasonable time of adoption.

Notice of new sub-processors

We will give at least thirty (30) days' notice before adding or replacing a sub-processor that processes Customer Personal Data on Customer's behalf. Notice will be posted here and emailed to Account contacts that have opted in to security/product notifications.

If you have a Data Processing Agreement with Jettson, you may object to a new sub-processor on reasonable grounds within the notice period. If we cannot resolve the objection, your remedy is to terminate the affected portion of the Service and receive a prorated refund of pre-paid Fees.

Sub-processor due diligence

We evaluate sub-processors against:

  • Security posture (SOC 2, ISO 27001, encryption, access controls).
  • Data-processing terms (DPA availability, sub-processor obligations, SCCs).
  • Geographic location and transfer mechanisms.
  • Operational reliability.
  • Reputation and track record.

Contact

Sub-processor questions: customertek@rwxtek.com.