Version 2026-06 · includes the Data Processing Agreement summary
All email content, recipient data, and delivery events are processed and stored on infrastructure inside the European Union. Data is encrypted in transit and at rest.
For the recipient data in the messages you send, you are the controller and we act as your processor under GDPR Art. 28 — the Data Processing Agreement is part of these terms. We process that data only to deliver your email and report on it, never for advertising or profiling.
Message content and events are retained for a limited, plan-dependent window and then purged automatically. You can export or erase a recipient's data at any time from the dashboard or API (GDPR Art. 15 and 17). Suppression entries are kept as a legal-obligation carve-out so opted-out recipients stay opted out.
We store your name, email address, and billing details to operate your account. Payment card data is handled by our payment provider and never touches our servers. Security-relevant actions are kept in an audit log.
We use a small set of infrastructure sub-processors for email delivery and payments. Email data leaves our EU infrastructure only as required to hand a message to the receiving mail server.