Legal

Subprocessor List

Third-party subprocessors that process data on behalf of Hail Sentinel — including purpose, data categories, locations, and compliance certifications.

Last updated: March 2026

Subprocessor List

Table of Contents

  1. Overview
  2. Current Subprocessors
  3. Infrastructure Subprocessors
  4. Data Flow Summary
  5. Subprocessor Changes
  6. Contact

1. Overview

Hail Sentinel uses carefully selected third-party service providers (subprocessors) to help deliver our services. This page lists all subprocessors that may process personal data on our behalf. We evaluate each subprocessor's security practices, data protection measures, and compliance certifications before engagement.

Per our Data Processing Agreement, we provide at least 30 days advance notice before adding or replacing a subprocessor. Customers can subscribe to subprocessor change notifications by contacting legal@hailsentinel.com.

2. Current Subprocessors

The following third-party providers may process personal data on behalf of Hail Sentinel in connection with the delivery of our services:

Subprocessor Purpose Data Processed Location Certifications
Google Cloud Platform Cloud infrastructure, compute, storage, networking All service data United States (us-central1)
SOC 2 Type II ISO 27001 ISO 27017 ISO 27018 PCI DSS CSA STAR FedRAMP
Firebase (Google) Authentication, Firestore database, Cloud Functions, Hosting Account data, application data, authentication tokens United States (nam5)
SOC 2 Type II ISO 27001
RevenueCat Subscription management, entitlement verification Subscription status, purchase receipts, anonymous user IDs United States
SOC 2 Type II
Twilio SMS alert delivery Phone numbers, alert content United States
SOC 2 Type II ISO 27001
SendGrid (Twilio) Email alert delivery, transactional emails Email addresses, alert content United States
SOC 2 Type II ISO 27001

Google Cloud Platform

PurposeCloud infrastructure, compute, storage, networking
Data ProcessedAll service data
LocationUnited States (us-central1)
Certifications
SOC 2 Type II ISO 27001 ISO 27017 ISO 27018 PCI DSS CSA STAR FedRAMP

Firebase (Google)

PurposeAuthentication, Firestore database, Cloud Functions, Hosting
Data ProcessedAccount data, application data, authentication tokens
LocationUnited States (nam5)
Certifications
SOC 2 Type II ISO 27001

RevenueCat

PurposeSubscription management, entitlement verification
Data ProcessedSubscription status, purchase receipts, anonymous user IDs
LocationUnited States
Certifications
SOC 2 Type II

Twilio

PurposeSMS alert delivery
Data ProcessedPhone numbers, alert content
LocationUnited States
Certifications
SOC 2 Type II ISO 27001

SendGrid (Twilio)

PurposeEmail alert delivery, transactional emails
Data ProcessedEmail addresses, alert content
LocationUnited States
Certifications
SOC 2 Type II ISO 27001

3. Infrastructure Subprocessors

The following services are used as part of our Google Cloud Platform infrastructure and do not independently process personal data:

Service Purpose
Artifact Registry Container image storage for pipeline workloads
Cloud Scheduler Cron-based job scheduling
Cloud Tasks Asynchronous task processing
Pub/Sub Event-driven message routing
BigQuery Data warehouse for hail event analytics
Cloud Monitoring Infrastructure metrics and alerting

4. Data Flow Summary

All data flows between Hail Sentinel and subprocessors are encrypted in transit using TLS 1.3 (minimum TLS 1.2). Data at rest is encrypted using AES-256. No subprocessor stores raw API keys or authentication credentials — all sensitive values are hashed before transmission.

5. Subprocessor Changes

We notify customers of subprocessor changes through:

  • Email notification to the account's designated privacy contact
  • Updates to this page
  • DPA notification provisions (30 days advance notice)

Last subprocessor change: March 2026 — Initial publication

6. Contact

For questions about our subprocessors or to subscribe to change notifications:

Icarus Inc.

Legal: legal@hailsentinel.com
Privacy: privacy@hailsentinel.com