
Subprocessors

Last updated:

Securicom uses a small number of vetted third-party services (“subprocessors”) to operate Securicom Central. Each one is bound by a data processing agreement that limits how it may use personal data your Organization shares with us. The table below is the current authoritative list.

We notify Organization owners by email at least 30 days before adding or replacing a subprocessor, except where doing so would delay a security-critical change.

To object to a new subprocessor, contact privacy@securicomnet.com within the notice window.

DigitalOcean

Purpose
Primary cloud hosting — application droplet, managed PostgreSQL, managed Redis/Valkey, Spaces (object storage), Container Registry.
Data categories
Account data, operational data, equipment records, AI Expert conversations, audit log, file uploads.
Location
TOR1 (Toronto, Canada) — selected for data residency.

Cloudflare

Purpose
DNS resolution, TLS edge termination, Web Application Firewall (OWASP managed rules), DDoS protection, bot mitigation.
Data categories
IP addresses and TLS handshake metadata of inbound requests.
Location
Global edge — request terminates at the nearest point of presence.

Postmark

Purpose
Transactional email delivery — account invitations, password resets, work-order notifications, vendor token links.
Data categories
Recipient email address, subject line, email body, delivery status.
Location
United States.

Sentry

Purpose
Error tracking and performance monitoring of the application server and browser clients.
Data categories
Stack traces, request IDs, user IDs (no PII attached by default — `send_default_pii=False`), browser metadata.
Location
United States. EU-region project available on request.

OpenAI (or comparable LLM provider)

Purpose
Generation backend for the AI Security Expert. Receives only the question and the retrieved context from your own data; does not receive account credentials, MFA secrets, or unrelated tenant data.
Data categories
Question text, retrieved context snippets from your Organization, conversation IDs.
Location
United States. The provider is contractually bound not to retain prompts for model training; prompts are deleted within 30 days of submission.