Setting up solid required legal docs as you did is a good first step. In general, don't save data about your users. If you need to, minimize the amount. Don't use non-essential cookies; this also comes with the benefit of not needing to show an annoying cookie banner.
As an alternative to Google Analytics, I recommend Plausible. If you need more event-based tracking (like Mixpanel), have a look at my app Fugu (https://github.com/shafy/fugu). It doesn't track unique users and is therefore compliant with GDPR. It's hosted in Germany, and you can self host it for free if you want (it's open-source).
This is not very clear yet, but it might well be possible that using US companies as hosting providers might also become illegal under GDPR, even if you use their EU data center. This is because the US government can access all US companies' customer data, even if it's not hosted in the US. There are already precedents where this was ruled by a court. So, to be safe, I would also pick an EU provider, such as Hetzner, Clever Cloud or Scalingo.