Privacy

No cookies. No cross-site tracking. No surprise.

NextTrace is a static marketing site hosted on Cloudflare Pages. We do not set cookies. We do not track visitors across sites. We use Cloudflare’s privacy-first Web Analytics to measure aggregate traffic on this site — server-side counts for every visit, plus a Real-User-Measurements JS beacon that only fires for visitors outside the EU. EU visitors receive no third-party JavaScript at all.

Controller

Who is responsible.

The data controller (per GDPR Art. 4) is NextTrace, Berlin, Germany. Legal operator details are in the imprint. Contact for data requests: hello@nexttrace.io.

What we process

Server logs and aggregate traffic.

Access logs (Cloudflare)IP address, user-agent string, requested URL, response status, and timestamp. Used for security monitoring, abuse prevention, and aggregate traffic measurement. Retained per Cloudflare’s default retention, then deleted.
Cloudflare Web Analytics — server-sideCloudflare aggregates the access logs above into anonymous traffic counts (page views, unique visits, referrers, country). No cookies, no fingerprinting, no cross-site identifiers. Counts are visible only to the site operator. Applies to every visit.
Cloudflare Web Analytics — Real-User Measurements (non-EU visitors)For visitors outside the European Union, Cloudflare’s edge proxy injects a small JavaScript beacon that measures Core Web Vitals (LCP, CLS, INP) and sends them to Cloudflare. No cookies are set, no persistent identifiers. EU visitors do not receive this beacon — the proxy excludes injection based on origin country.
Email correspondenceIf you write to hello@nexttrace.io, your message and email address are processed for the purpose of replying to you. Stored for as long as needed to handle the conversation, then deleted on request or within a reasonable period.
No cookies, no cross-site trackingWe set no cookies. We do not use Google Analytics, Plausible, Umami, or any cross-site tracker. We do not load fonts from a CDN — IBM Plex Sans is self-hosted via next/font. The only third-party origin served to non-EU visitors is Cloudflare’s own RUM beacon described above.

Legal basis

GDPR Art. 6 (1) (f).

Processing of server logs is grounded in our legitimate interest in operating, securing, and improving the service (GDPR Art. 6(1)(f)). Processing of email correspondence is grounded in your request and our response (GDPR Art. 6(1)(b) and (f)).

Your rights

Access. Rectify. Erase.

Under GDPR you have the right to information about the data we hold about you (Art. 15), to correct it (Art. 16), to have it erased (Art. 17), to restrict processing (Art. 18), to data portability (Art. 20), and to object to processing (Art. 21). You also have the right to lodge a complaint with a supervisory authority — for a Berlin-based operator, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

To exercise any of these rights, write to hello@nexttrace.io.

Hosting

EU-resident infrastructure.

The site is served from Cloudflare’s global edge network. Cloudflare routes traffic through the geographically nearest data centre. For EU-resident visitors, this is typically a European POP. Cloudflare’s privacy practices and the corresponding data processing agreement are available at cloudflare.com/privacypolicy.

Changes

Material changes are posted here.

If we add new data processing, this page is updated before the change goes live, with a summary of what changed. Last updated: 2026-05-06 — disclosed Cloudflare Web Analytics (server-side, plus Real-User Measurements JS for non-EU visitors).