Legal
Last updated: July 18, 2026
Gradeloguses a limited number of carefully selected third-party service providers (“sub-processors”) to deliver our field documentation platform. Each sub-processor processes personal data only to the extent necessary to provide their specific service.
We enter into data processing agreements (DPAs) with sub-processors where applicable, and require them to implement appropriate technical and organizational security measures.
Data Ownership
You own your field data, photos, and job records. Sub-processors receive access only as necessary to provide the service you use. They do not use your data for their own purposes beyond what is described here.
Primary database, file storage, and real-time subscriptions. Stores all account data, field records, photos, job information, and calibration logs. Row-Level Security enforces organizational data isolation.
Web application hosting, serverless function execution, edge caching, and content delivery. Handles all web traffic and API requests for gradelog.com.
Powers the Gradelog AI Field Assistant. Processes your conversation messages and session context to generate responses about equipment, field procedures, error codes, and calibration. Interactions are subject to Anthropic's API terms and privacy policy.
Subscription payment processing, billing management, invoice generation, and payment method storage. Gradelog does not store raw payment card data — all payment information is tokenized and processed by Stripe.
Email delivery platform for subscription renewal reminders, onboarding sequences, product updates, billing notifications, and marketing communications. Stores your email address and email engagement data.
Website and product analytics. Collects aggregated, anonymized data about page views, session duration, feature usage, and user flows. Used to understand and improve platform performance and UX. Only activated with cookie consent.
In-product behavioral analytics and session insight. Tracks feature usage, funnel analysis, and user flows to help us prioritize improvements. Self-hosted or cloud; data is anonymized where possible. Only activated with cookie consent.
Tracks marketing ad conversions and enables retargeting campaigns on Meta platforms. Only loaded when cookie consent is granted and GPC opt-out is not detected.
Identifies the company associated with a site visitor's IP address for B2B outreach. Not loaded if a Global Privacy Control (GPC) opt-out signal is detected or marketing consent is denied.
Application performance monitoring and error tracking. Captures error stack traces, performance metrics, and session data when the app encounters an unexpected error. PII scrubbing is configured to minimize personal data in error reports.
All current sub-processors are based in, or process data primarily in, the United States. Your data is stored in AWS us-east-2.
If you are located in the EU, UK, Canada, or Australia, your data is transferred to the US. We rely on the following safeguards:
Service Level Agreement
For uptime commitments, support response targets, and service credit terms, see our Service Level Agreement.
We will update this page when we add, remove, or materially change a sub-processor. The “Last updated” date at the top reflects the most recent change.
Enterprise customers on a Data Processing Agreement may be entitled to prior notice of sub-processor changes per their agreement terms. Contact legal@gradelog.com for enterprise DPA inquiries.
Questions about Sub-Processors?
Privacy: privacy@gradelog.com
Legal / DPA: legal@gradelog.com