Privacy
We hold the minimum. Everywhere.
Last updated 2026-04-24 · Effective 2026-04-24 · v2.0
This notice explains what personal data Sutrace processes, on what legal basis, and how you exercise your rights. It applies to our marketing site sutrace.io, the customer dashboard app.sutrace.io, and the admin surface admin.sutrace.io. Jurisdiction-specific supplements (GDPR, UK, Swiss, California, Brazil, Canada, Australia, Japan, Korea) follow the main body.
Who we are
Sutrace is an EU-registered B2B observability platform. For the personal data you submit when you sign up or use the service, the controller is Sutrace (legal entity to be confirmed), Luxembourg / Germany. For telemetry you configure Sutrace to ingest from your own systems, you are the controller and Sutrace is a processor acting on your documented instructions under our Data Processing Addendum.
What we collect
- Account data — email, workspace name, display name, chosen theme. Legal basis: contract (GDPR Art. 6(1)(b)).
- Billing data — company name, billing email, VAT number, payment reference (card is processed by Stripe, we never see it). Legal basis: contract + legal obligation.
- Operational telemetry you configure — metrics, traces, logs, device identifiers, LLM token counts + hashes. Legal basis: contract (you instruct the ingest).
- Security logs — IP address, user agent, request path, response code, timestamp. Legal basis: legitimate interest (detecting abuse, GDPR Art. 6(1)(f)).
- Support correspondence — anything you email privacy@ / security@ / support@. Legal basis: legitimate interest + contract.
What we don’t collect
- Content of alert message bodies, LLM prompts, LLM completions, or HTTP request/response bodies > 1 KB — our on-host redaction strips these by default (see /legal/security).
- Third-party advertising or session-replay trackers. We run none.
- Biometric, special-category, or health data. If you configure the product to ingest any, you are on notice that you must have a lawful basis — we refuse to process special-category data without a signed addendum.
- Children’s data. Sutrace is a B2B product and not directed at anyone under 16.
Where it lives
EU workspaces are pinned to europe-west3 (Google Cloud, Frankfurt). US workspaces to us-central1 (Iowa). Self-hosted deployments stay on your infrastructure. Our only subprocessors are listed at /legal/subprocessors. We do not transfer personal data outside the chosen region without one of: (a) a Commission adequacy decision (including the EU-US Data Privacy Framework, where the importer is self-certified), (b) the 2021 EU Standard Contractual Clauses Modules 2 or 3 with appropriate supplementary measures, (c) the UK ICO Addendum for UK-origin data, or (d) the FDPIC-recognized Swiss overlay.
How long we keep it
- Account + workspace data — for as long as the workspace is active, then 30 days for export, then deleted.
- Operational telemetry — the retention you choose on your plan (7 / 30 / 90 days / 1 year); then deleted.
- Security logs — 30 days rolling; aggregated statistics kept indefinitely.
- Billing records — 10 years (legal obligation in most EU jurisdictions).
- Support correspondence — 2 years from last message.
Your rights
Depending on your jurisdiction you have the right to access, rectify, erase, restrict, port, or object to our processing of your personal data, and to withdraw consent where consent is the legal basis. Request any of these by emailing privacy@sutrace.io. We respond within 30 days (extendable once by a further 60 days for complex requests, under GDPR Art. 12(3)). If you are unhappy, you can complain to your local supervisory authority — our lead supervisory authority is the German federal DPA (BfDI), because our primary infrastructure sits in europe-west3.
How to delete everything
Go to Settings → Workspace → Delete workspace. Your auth identity, all Firestore documents, and all Storage objects are removed from production and queued backups within 30 days. Email privacy@sutrace.io first if you want a machine-readable copy of everything we hold.
Breach notification
If a personal-data breach affects your workspace, we notify the customer contact on file within 72 hours of confirmation, with what we know, what we don’t, what we’re doing, and what you may need to do. For EU controllers this supports your Art. 33 obligation to the supervisory authority.
Automated decision-making
Sutrace does not make automated decisions with legal or similarly significant effect about data subjects. Our alerting engine is an aggregation over signals you configure — outputs (alerts, anomaly flags) are advisory, not determinative, and are reviewed by a human in your organisation before action.
Jurisdiction supplements
EU GDPR
Lead supervisory authority: BfDI (Germany). Data protection officer (DPO): appointment pending; contact privacy@sutrace.io in the meantime. Transfers: 2021 SCCs Modules 2 + 3 + EU-US DPF where available. Records of processing are maintained per Art. 30 and shared with auditors on request.
UK GDPR + Data Protection Act 2018
UK transfers rely on the ICO-issued International Data Transfer Addendum to the 2021 SCCs. UK supervisory authority: the Information Commissioner’s Office.
Switzerland — revFADP
Transfers rely on the FDPIC-recognized 2021 EU SCCs with the Swiss overlay. Supervisory authority: FDPIC.
California — CCPA / CPRA
For customer data processed on your behalf, Sutrace is a service provider as defined in Cal. Civ. Code §1798.140(ag). We do not sell or share personal information, retain it beyond the business purpose you set, or process it for any purpose other than the ones named in our DPA. California residents may request access or deletion via privacy@sutrace.io. We honor the Global Privacy Control (GPC) signal.
Brazil — LGPD
Sutrace acts as an operador. Customer is the controlador. Data-subject rights and breach process mirror GDPR. ANPD is the supervisory authority.
Canada — PIPEDA + Quebec Law 25
Quebec-resident data is subject to Law 25 cross-border transfer disclosure; by using Sutrace you acknowledge your data is processed outside Quebec (europe-west3 by default) under GDPR-equivalent safeguards. Privacy officer contact is the same privacy@sutrace.io alias.
Australia — Privacy Act (APP 1–13)
Covered by the APPs where Sutrace has an Australian link. The Notifiable Data Breaches scheme applies; we commit to 72-hour customer notification, which supports your 30-day OAIC notification window.
Japan — APPI
Cross-border transfers into Japan rely on Japan’s PPC-recognized safeguards. Controller-to-processor terms are reflected in the DPA.
Korea — PIPA
Korean cross-border transfers follow PIPA Art. 28-8 with the required disclosures to data subjects. Enterprise deals in Korea may require a separate consent flow; we provide it on request.
Changes to this notice
Material changes are announced in-product and by email to billing contacts at least 30 days before they take effect. This page maintains a version line at the top.