Your data stays yours.
This page explains, in plain English, what personal data Tracera (operated by GoTrust BV) processes when you visit tracera.eu, use the Tracera analytics platform, or interact with us by email. No dark patterns. No hidden clauses.
1. Who we are
Tracera is operated by GoTrust BV, a Belgian limited company registered at Morelgem 24B, 9520 Vlierzele, Belgium, with VAT number BE 1037.576.138. We are the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (GDPR) for the data described below.
For any privacy-related question, write to privacy@tracera.eu or to the postal address above.
2. Two data flows, separated
Tracera processes personal data in two strictly separated contexts. Each has its own basis, scope, and retention.
2a. tracera.eu (this marketing website)
| Category | Examples | Why |
|---|---|---|
| Server logs | IP address, browser user-agent, requested URL, timestamp, HTTP status | Operating the website, abuse protection, debugging (legitimate interest, Art. 6(1)(f) GDPR). Retained for a maximum of 14 days. |
| Email correspondence | Your email address, content of messages, sales-form submissions | Replying to your message and handling pre-contractual contact (Art. 6(1)(b) GDPR if pre-contractual, Art. 6(1)(f) otherwise). Retained as long as commercially relevant, then archived or deleted. |
| Cookie acknowledgement | Your "Got it" click stored in localStorage as tracera_consent_v1 |
Remembering so we don't ask again on every page load (necessary, Art. 6(1)(f) + ePrivacy strict-necessity exemption). |
This marketing site loads no third-party analytics, advertising, or tracking. We do dogfood our own Tracera tracker on this site (/t.js, public ingest key pk_traceraeu_demo) — which means visiting this page sends exactly one cookieless, IP-discarded pageview to our own EU-hosted ingest endpoint, with no cookie set and no persistent identifier created.
2b. Tracera analytics platform (portal.tracera.eu)
When you use Tracera as a customer to track visitors to your own sites and apps, Tracera acts as a data processor on your behalf (you are the controller). A separate Data Processing Agreement (DPA) governs that relationship.
By design, Tracera never stores personally identifying information about your visitors:
- No cookies placed on visitor devices.
- No persistent identifiers: visitor IDs are a daily-rotating salted hash that becomes unrecoverable after 24 hours.
- IP addresses are used in-memory only for country/region geo-lookup, then discarded; nothing IP-related is ever written to disk.
- No data sale, no data sharing, no advertising integrations — ever. This is structural, not a policy choice we can later reverse.
3. What we do NOT collect
- No Google Analytics, Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, or any other third-party advertising/behavioural tracker.
- No browser fingerprinting, device-graph linking, or cross-site identifiers.
- No data sale or rental, to anyone, ever.
- No use of US-based marketing platforms subject to the US CLOUD Act for tracking purposes.
4. Where your data is stored
All Tracera infrastructure runs on European hardware located in Belgium. Server logs, customer event data, and account metadata never leave the EU/EEA.
If you contact us by email, your message is handled on a European mail provider (Canvos.eu, also operated by GoTrust BV).
5. Sub-processors
For the marketing site we share data only with:
- EU hosting infrastructure provider (Belgium) — processing server logs on our behalf. Current provider is named in our DPA upon request.
- Let's Encrypt (US non-profit) — TLS certificate issuance. Receives only the domain name, no visitor data.
For the Tracera analytics platform, a current sub-processor list is maintained as part of the DPA and shared with customers; changes are notified 30 days in advance.
6. How long we keep it
- Marketing-site server logs: up to 14 days.
- Email correspondence: as long as commercially relevant (typically up to 7 years for invoicing-related context, per Belgian Code of Companies).
- Cookie acknowledgement: until you clear your browser's localStorage.
- Customer event data on the analytics platform: per the per-tenant retention policy you set as the controller, default 13 months.
7. Your rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data, subject to legal retention obligations (Art. 17)
- Restrict processing (Art. 18)
- Receive your data in a portable format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time, without affecting past processing (Art. 7(3))
To exercise any of these rights, email privacy@tracera.eu. We respond within 30 days.
8. Complaints
You always have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données):
Drukpersstraat 35, 1000 Brussels, Belgium · www.dataprotectionauthority.be
9. Changes to this policy
Material changes are published here at least 30 days before they take effect, and the version number at the top is incremented. Previous versions remain available on request.
10. Contact
GoTrust BV · Morelgem 24B, 9520 Vlierzele, Belgium · VAT BE 1037.576.138
Privacy contact: privacy@tracera.eu