DATRUM relies on the third parties below to operate this website and deliver client projects. Each one receives a defined slice of data on our behalf. We disclose them here per GDPR Article 28 and Ley 81 transparency requirements.
| Provider | Purpose | Data processed | Region |
|---|---|---|---|
| Cloudflare | Hosting, CDN, DDoS protection, edge runtime | Request metadata (IP, user-agent, URL) — required to serve pages | Global edge · DPA: link |
| Google Analytics 4 | Aggregate traffic analytics (only with consent) | Anonymized IP, pageviews, device class. No personal identifiers. | US · privacy |
| GitHub | Source code hosting + CI deploy trigger | None at runtime — repo metadata only at build time | US · privacy |
| thum.io | Generating thumbnail previews of client websites | Public URL strings of client sites (no visitor data) | US · privacy |
| jsPDF (CDNJS) | Client-side PDF generation for the diagnostic report | Library file served from CDN. No data leaves your browser. | CDN · privacy |
| Calendly | Strategy session scheduling (only if you click "Schedule") | Name, email, meeting time you provide on their form | US · privacy |
| Cloudflare Workers (DATRUM) | Storing diagnostic responses + emailing PDF reports | Email + URL you submitted, diagnostic scores | Cloudflare edge · operated by DATRUM |
The list below is informational. When DATRUM builds a site or app for a client, we may integrate any combination of these providers depending on the project scope. Each client engagement comes with its own subprocessors list as part of the deliverables.
| Stripe | Payments — PCI DSS Level 1 processor |
| Resend / SendGrid | Transactional email |
| Cloudflare D1 / R2 / KV | Edge databases and object storage |
| Google Sheets API | Lightweight data capture (low-volume forms) |
| WhatsApp Business | Customer chat CTA |
To request access, correction, or deletion of data DATRUM holds about you — or to ask which subprocessor handles a specific piece of information — email [email protected]. We respond within 30 days, as required under GDPR Articles 15–17 and Ley 81 Articles 13–16.
We update this page whenever we add or remove a subprocessor. The "Last updated" date at the top is the source of truth. Material changes are also reflected on our changelog.