Overview
This page explains how UserTrail approaches international data transfers for personal data processed through the service. Transfer requirements depend on where customers, visitors, UserTrail infrastructure, and subprocessors are located.
International transfers
How UserTrail approaches cross-border processing, subprocessors, and transfer safeguards.
Last updated: June 6, 2026Infrastructure and providers
- DigitalOcean is used for servers, storage, and databases.
- Private Email is used for email hosting and delivery.
- Stripe is used for payment processing and billing.
Potential transfers
Personal data may be processed in locations where UserTrail, its infrastructure providers, or subprocessors operate. Customers should review their own obligations if they transfer EU, EEA, UK, or other regulated personal data through UserTrail.
Transfer safeguards
- Adequacy decisions where the destination country has been recognised as providing adequate protection.
- Standard Contractual Clauses for EU GDPR restricted transfers where required.
- UK International Data Transfer Agreement or UK Addendum for UK GDPR restricted transfers where required.
- Supplementary technical and organisational measures where appropriate.
Customer responsibilities
- Identify where your website visitors are located.
- Assess whether visitor data transferred through UserTrail creates restricted transfer obligations.
- Review subprocessors and transfer safeguards before using UserTrail for regulated personal data.
- Avoid sending sensitive or unnecessary personal data through UserTrail.
Security measures
UserTrail uses technical and organisational measures intended to protect data during processing, including authenticated access, permission controls, infrastructure security practices, and provider security controls.
Contact
For transfer questions, contact info@usertrail.io.