This page lists all third-party entities ("Subprocessors") that Skyes Over London LC engages to process personal data on behalf of customers. We maintain appropriate data processing agreements with all Subprocessors. Changes to this list are notified to customers with at least 15 days advance notice as described in the DPA.
| Subprocessor | Purpose | Data Processed | Location | Transfer Mechanism |
|---|---|---|---|---|
| Netlify, Inc. Privacy Policy |
Application hosting, serverless function execution, CDN | All data traversing the application layer, including HTTP request/response data, function logs | USA (global CDN) | SCCs (EU–US) |
| Neon Inc. Privacy Policy |
PostgreSQL database (primary + read replicas) | User accounts, workspace content, usage logs, audit events, session data, file embeddings | USA (AWS us-east-1) | SCCs (EU–US) |
| Stripe, Inc. Privacy Policy |
Payment processing and subscription management | Billing name, email address, payment method data (card numbers processed exclusively by Stripe — kAIxU does not receive or store raw card data) | USA (global) | SCCs (EU–US); Stripe is a certified PCI DSS Level 1 provider |
| Twilio SendGrid Privacy Policy |
Transactional email delivery (verification, password reset, invitations, billing notifications) | Email address, email content | USA (global) | SCCs (EU–US) |
| kAIxU Gateway (Skyes Over London LC) Proprietary infrastructure |
AI inference gateway — routes all AI requests through a hardened, proprietary proxy. Vendor API keys never leave this infrastructure. | Content of AI prompts (code, text) submitted for AI-assisted editing or semantic search. No persistent storage of prompt content after the request completes. | USA (Cloudflare global network) | Controller entity — no transfer mechanism required |
| Sentry (Functional Software, Inc.) Privacy Policy |
Application error monitoring and alerting | Error stack traces, request metadata. Sentry is configured to scrub personally identifiable information from error payloads. | USA | SCCs (EU–US) |
| GitHub (Microsoft Corporation) Privacy Policy — Conditional |
Source code push/pull via GitHub integration (only for users who explicitly connect a GitHub account) | GitHub OAuth access token, repository metadata, file content pushed by the user | USA (global) | SCCs (EU–US); only engaged when user activates GitHub integration |
We will notify customers of any addition or replacement of a Subprocessor at least 15 calendar days before the change takes effect by:
If a customer objects to a change, they must notify us in writing to legal@kaixu.app within 15 days. We will work in good faith to address the concern. If we are unable to offer a reasonable alternative, the customer may terminate their subscription with a pro-rated refund for any unused prepaid term.
| Subprocessor | Removed Date | Reason |
|---|---|---|
| No subprocessors have been removed to date. | ||
For questions about our Subprocessors or data processing practices:
privacy@kaixu.app