Sub-processors
Version 1.0 · last updated 3 May 2026
This page lists the third parties to which Altanest SAS (operating GO TRACE at go-trace.com) discloses personal data, the role each plays, where they are located, and the legal mechanism that covers any cross-border transfer. It is the standalone reference list that mirrors §5 of our Privacy Policy; it exists so B2B procurement teams can bookmark it.
1. Notice commitment
We commit to giving 30 days' advance notice of any material change to this list (addition of a new sub-processor, change of role, change of location, or change of transfer mechanism). Notice is published by:
- Updating this page and the version number / "last updated" date at the top;
- Updating §5 of the Privacy Policy in lockstep;
- Listing the change in the version history at the bottom of this page.
If you have an active contractual relationship with us and prefer notification by email, write to contact@go-trace.com and we will add you to the change-notification list.
2. Current sub-processors
| Sub-processor | Role | Location | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Web hosting and server infrastructure for both go-trace.com and our self-hosted Umami analytics endpoint | Nuremberg, Germany (EU) | Within the EEA: no transfer mechanism required |
| Web3Forms (operated by Statichunt) | Contact-form forwarding. Receives submissions from /contact and /fr/contact, retains them for up to 30 days for delivery and audit, relays to our inbox by SMTP, then auto-deletes. | India | European Commission's 2021 Standard Contractual Clauses (SCCs) |
| Google Ireland Ltd. (Google Workspace) | Email service for @go-trace.com addresses; receives the body of email correspondence with us. | Dublin, Ireland (EU); sub-processors may be in the United States | EU–US Data Privacy Framework certification and/or Standard Contractual Clauses |
3. Independent controllers, not our processors
The following parties may receive your data when you choose to interact with them, but they act as independent data controllers (or joint controllers) on their own legal basis. We are not their processor and they are not ours.
| Party | Role | Where engaged |
|---|---|---|
| Teachable Inc. | Course delivery platform; receives your enrolment data and processes payment when you buy a course. | The separate Teachable subdomain reached when you purchase a course. Governed by Teachable's own Privacy Policy. |
| LinkedIn Corporation | Receives your subscription data when you subscribe to "The GO TRACE News Thread" newsletter on LinkedIn. | External LinkedIn newsletter platform. Governed by LinkedIn's own privacy policy. |
4. Self-hosted infrastructure (no third-party processor)
The following processing happens on our own infrastructure and does not involve any third-party processor:
- Self-hosted Umami analytics at
analytics.conclavik.com. Operated by Altanest SAS under the Conclavik brand on the same Hetzner box asgo-trace.com. See §5 of the Privacy Policy for full details. - Web-server access logs on the same Hetzner box. Standard nginx logs, kept at most 30 days.
5. Not currently used
For full transparency, the following providers have DKIM records on the go-trace.com DNS zone (legacy configuration) but are not currently used for any processing of your data: Brevo and MailerLite. If we activate either in the future we will update this page and §5 of the Privacy Policy 30 days in advance.
6. Data Processing Agreements
Where required by GDPR Article 28, a written Data Processing Agreement (DPA) is in place with each sub-processor. A copy of any DPA is available to data subjects and B2B clients on request from contact@go-trace.com.
If you are a B2B client and need Altanest SAS to sign your DPA template (for example because we handle some of your supplier data under a Compliance Partner engagement), see /dpa.
7. Version history
- v1.0, 2026-05-03: page first published as a standalone mirror of Privacy Policy §5. Sub-processors covered: Hetzner, Web3Forms, Google Workspace. Independent controllers: Teachable, LinkedIn. Self-hosted: Umami, server logs. Not active: Brevo, MailerLite.