SubGrade (“we,” “us,” “our”) is a satellite intelligence platform operated by Keystone Digital Labs LLC, a Pennsylvania limited liability company. We operate the website and API at subgrade.io.
This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
SubGrade processes Sentinel-2 satellite imagery to detect land clearing, construction, and ground disturbance. We deliver this intelligence through a public and authenticated REST API, an interactive web Explorer, CSV exports, and AI assistant integrations via Model Context Protocol (MCP).
SubGrade is a data infrastructure product. We serve data to you. We do not aggregate or sell your personal data to third parties. Your relationship with SubGrade is straightforward: you query our API and we return detection data and satellite imagery.
When you create an account, we collect:
We do not collect your name, company name, phone number, password, or physical address at signup.
When you use the SubGrade API (public or authenticated) or access SubGrade through an AI assistant via MCP, we log:
MCP queries log the same data as API queries (coordinates, timestamp, IP address). API and MCP usage logs are used for metering (tracking your usage against your tier limits), rate limiting, abuse prevention, debugging, and platform improvement.
When you access public endpoints or browse the Explorer without an account, we collect only standard server-level data: IP address, request parameters, and timestamp. This data is not linked to any identity because no account exists.
When you subscribe to the Pro tier, payment is processed by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. Stripe handles all payment data in accordance with PCI-DSS standards. We receive from Stripe: a confirmation of payment, subscription status, and transaction metadata.
SubGrade uses browser local storage solely for:
We do not use cookies of any kind. We do not use analytics cookies, advertising cookies, or tracking cookies. We do not use PostHog, Google Analytics, or any third-party analytics service.
To be explicit about what we do not collect:
We may send periodic product updates, construction activity reports, and service-related communications to users who have signed up for an account or downloaded a report. You may unsubscribe from non-essential communications at any time by following the unsubscribe link in the email or contacting us at contact@subgrade.io.
We use the following third-party services that may process data in connection with your use of SubGrade:
| Service | Purpose | Data Involved |
|---|---|---|
| Railway | Application hosting and PostgreSQL database | All platform data (server-side, encrypted in transit) |
| Supabase | User authentication | Email address, authentication tokens |
| Stripe | Payment processing for Pro subscriptions | Email, payment details, subscription status |
| Amazon Web Services (AWS) | Cloud-Optimized GeoTIFF (COG) imagery hosting | Before/after satellite imagery fetched server-side; no user data sent |
| CartoDB/CARTO | Map tile basemaps for the Explorer | Your IP address and browser metadata (standard tile server requests from your browser) |
| Leaflet.js (via unpkg CDN) | Map library loaded in your browser | Your IP address (standard CDN request) |
| Google Fonts | Inter font family for the website | Your IP address (standard CDN request) |
| Nominatim/OpenStreetMap | Reverse geocoding on the construction-suppliers page | Coordinates you search (no personal data) |
| Copernicus Data Space | Sentinel-2 satellite imagery source | Detection coordinates (server-side, no user data sent) |
Each of these services has its own privacy policy. CartoDB, Google Fonts, and the unpkg CDN are loaded client-side, which means your browser makes direct requests to these services when you use the Explorer. These requests expose your IP address to those services, as is standard for any website that loads external resources.
We do not sell your personal information. Unlike some of our other products, SubGrade does not aggregate user data into a product sold to others. You are the customer, not the product.
We share data only as follows:
You have the right to:
If you are a California resident, you have rights under the California Consumer Privacy Act:
To exercise any of these rights, contact us at contact@subgrade.io. We will verify your identity and respond within 45 days as required by law.
If you are a resident of the European Union or European Economic Area:
To exercise any of these rights, contact us at contact@subgrade.io.
Residents of Colorado, Connecticut, Virginia, and other states with consumer privacy laws may have additional rights similar to those described above. Contact us at contact@subgrade.io to exercise any applicable rights.
SubGrade is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has created an account, contact us and we will delete it promptly.
We implement reasonable security measures to protect your data:
No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify affected users within 60 days of discovery and comply with applicable breach notification laws, including Pennsylvania’s Breach of Personal Information Notification Act.
We do not track users across websites. We do not use analytics or advertising tracking. Because we perform no tracking, Do Not Track browser signals do not change our behavior — there is no tracking to disable.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on the platform at least 14 days before the changes take effect. Your continued use of the platform after the effective date constitutes acceptance.
For privacy-related questions or requests:
Email: contact@subgrade.io
Mail:
Keystone Digital Labs LLC
4069 Green Park Drive
Mount Joy, PA 17552