Data Processing Addendum & Sub-processors
Last updated: 2 July 2026
This page summarizes how FaulTrace processes customer personal data on your behalf and lists the sub-processors we engage. A countersigned Data Processing Addendum (DPA) incorporating the EU Standard Contractual Clauses is available for customers with GDPR/UK-GDPR obligations — contact hello@faultrace.com.
Roles
For the model content you store in your instance, you are the data controller and FaulTrace is the data processor. We process that content only to provide the Service and on your documented instructions.
Our commitments as processor
Persons we authorize to process customer personal data are bound by confidentiality obligations. We engage sub-processors only under written terms imposing data-protection obligations materially equivalent to ours, and we remain responsible for their performance. Taking into account the nature of the processing, we will assist you with data-subject requests and with your security, breach-notification, and impact-assessment obligations, and will make available information reasonably necessary to demonstrate compliance with this page. You may object to a newly listed sub-processor within 30 days of it appearing on this page; if we cannot reasonably accommodate your objection, you may cancel the affected subscription and receive a pro-rata refund of prepaid, unused fees.
Sub-processors
| Sub-processor | Purpose | Data |
|---|---|---|
| DigitalOcean | Cloud hosting of the control plane and each customer's dedicated instance | Account, billing metadata, and model content |
| Stripe | Payment processing and subscription billing | Name, email, and payment details (card data held by Stripe) |
| Anthropic / OpenAI (bring-your-own-key) | Optional AI-assistant features. You supply your own API key or provider account, so these providers process your content under your own agreement with them rather than as our sub-processors. | The model content and files you choose to use with AI features |
| Forward Email (forwardemail.net) | Forwarding of email sent to our support and contact addresses | The contents of email you send to hello@faultrace.com |
| Mailbox hosting for our support email | The contents of email you send to hello@faultrace.com |
AI features are disabled by default and do not operate until you add your own AI provider credential to your instance. When you use them, the content you choose to send is transmitted to that provider under your own agreement with the provider; we do not store your API keys on our servers. If you enable the optional ChatGPT sign-in mode, its sign-in token is stored only on your own instance. You can remove your credential and stop all AI transmission at any time.
Security & isolation
Each paid customer is provisioned onto its own isolated instance, served over HTTPS, with data kept separate from other customers'. Fleet-management credentials — our cloud provider API tokens and license signing keys — are held only on our control-plane host and are never placed on customer instances. Each customer instance holds only its own instance-specific secrets (its application secret, its provisioning credential, and its initial administrator sign-in), which grant no access to any other customer’s instance.
Hosting location. Our control plane and each customer instance are hosted with DigitalOcean in the United States (New York region). If you access the Service from outside the United States, your data is transferred to and processed in the United States.
Breach notification
If we become aware of a personal data breach affecting customer personal data we process on your behalf, we will notify you without undue delay at your account owner’s email address, describe what we then know about its nature and scope, and keep you reasonably informed as we investigate and remediate.
Deletion on termination
When your subscription ends and the 3-day reinstatement window after the end of your paid period lapses, your instance is decommissioned and its virtual machine destroyed. A final snapshot of the instance’s data may be retained so your account can be restored on request; we will delete a retained final snapshot on your written request to hello@faultrace.com. Billing records are retained as required for legal and accounting purposes.
Changes & notice
We will update this list before engaging a new sub-processor that processes customer personal data. Contact us to request advance notice of changes.