Legal
Subprocessors
Last updated: March 5, 2026
1. What Are Subprocessors?
Traceable Digital uses carefully selected third-party service providers ("subprocessors") to operate and deliver the Platform. A subprocessor is any entity that processes personal data or customer data on our behalf in the course of providing our services.
Under the General Data Protection Regulation (GDPR) and our Data Processing Agreement, we are required to maintain a list of subprocessors and to inform our customers when we engage new subprocessors or make material changes to existing ones.
Each subprocessor is bound by a data processing agreement that imposes data protection obligations no less protective than those in our own Data Processing Agreement. We conduct due diligence on all subprocessors before engagement, including assessment of their security practices, GDPR compliance, and data transfer mechanisms where applicable.
2. Notification of Changes
We will notify customers at least 30 days before engaging a new subprocessor or making a material change to an existing subprocessor. Notification will be sent to the email address associated with your account.
Notifications will include the name of the new subprocessor, its purpose, location, and the categories of data it will process. The "Last updated" date on this page will also be revised when changes are made.
3. Right to Object
If you have a reasonable objection to a new subprocessor based on data protection grounds, you may notify us in writing at privacy@traceable.digital within 30 days of the notification. Your objection must include specific, documented reasons related to data protection.
Upon receipt of a valid objection, we will work in good faith to address your concerns. This may include offering an alternative configuration that avoids the subprocessor in question, providing additional safeguards, or agreeing to a reasonable workaround. If we are unable to resolve the objection within 30 days, you may terminate the affected services in accordance with the Terms of Service without penalty.
4. Current Subprocessors
The following table lists all third-party subprocessors currently engaged by Traceable Digital to process data on behalf of our customers.
| Subprocessor | Purpose | Location | Data Processed |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure hosting | Ireland (eu-west-1) | All customer and platform data |
| Cloudflare | CDN, DDoS protection, DNS | Global (EU-primary) | Website traffic data, IP addresses |
| Anthropic | AI document intelligence | United States (SCCs in place) | Uploaded documents for data extraction |
| Resend | Transactional email delivery | United States (SCCs in place) | Email addresses, notification content |
| Stripe | Payment processing | United States (SCCs in place) | Billing data, payment card tokens |
| Google (GTM/GA) | Website analytics | United States (SCCs in place) | Anonymous usage data, IP addresses |
| Microsoft (Clarity) | Session analytics, heatmaps | United States (SCCs in place) | Anonymous usage data, session recordings |
| Calendly | Demo scheduling | United States (SCCs in place) | Name, email for scheduling |
| Hetzner / Lightsail | WordPress hosting | Ireland | Website content delivery |
Where a subprocessor is located outside the European Economic Area, Standard Contractual Clauses (SCCs) adopted by the European Commission are in place to ensure an adequate level of data protection in accordance with GDPR Chapter V.
Contact
If you have questions about our subprocessors or wish to object to a new subprocessor, contact us at privacy@traceable.digital. For general legal enquiries, contact legal@traceable.digital.