Subprocessors · Reviewed July 14, 2026
Who handles UpTrip data.
The companies that support UpTrip, what they process, and whether each connection is in use.
| Provider | Purpose and data | Current state |
|---|---|---|
| Vercel | Application hosting, delivery, security and runtime logs; may process request metadata and data sent to server functions. | Active for the public application. |
| Auth0 by Okta | Authentication and account identity; verified email, display name, session and security data. | Configured for account authentication. Callback, MFA, and deletion checks still apply. |
| Neon | Managed Postgres storage for account, agreement, waitlist, trip, loyalty, support and audit records. | Connected. Schema and catalog status are checked separately. |
| Resend | Requested transactional email; recipient, message content, invitation link and delivery state. UpTrip stores only its template name, provider message identifier, status and bounded error code; open and click events are ignored. | Configured for transactional email. Verified-domain delivery and signed webhooks still apply. |
| AwardWallet | Public point valuation data contains no user information. Optional Account Access would receive connection state and return approved loyalty balances/status. | Public values are requested server-side. Account Access is disabled pending partner approval, credentials and individual permission. |
Before a provider goes live
A provider that receives personal data may be activated only after UpTrip records its role, service terms or processing agreement, security review, processing locations, deletion path, subprocessor terms and lawful transfer mechanism where needed. An integration appearing in the code does not mean its contracts are complete or that it is active.
Changes
Material provider changes will be posted before activation. Account holders may object or request more information through Your Privacy Choices.
