GDPR Compliance
MailStrike is committed to protecting your data and upholding your rights under the General Data Protection Regulation (GDPR).
Our Commitment to GDPR
At MailStrike, data protection is not just a legal obligation - it is a core principle that guides how we build and operate our platform. We process personal data lawfully, fairly, and transparently, and we implement robust technical and organizational measures to safeguard your information.
Whether you are a data subject, a customer acting as a data controller, or a partner, we are dedicated to ensuring your data rights are respected and upheld at every stage of processing.
Your Data Subject Rights
Under GDPR, you have the following rights regarding your personal data.
Right of Access
Request a copy of your personal data that we process, along with information about how and why we process it.
Right to Rectification
Have inaccurate personal data corrected or incomplete data completed without undue delay.
Right to Erasure
Request deletion of your personal data when it is no longer necessary for the purpose for which it was collected.
Right to Restrict Processing
Request limitation of processing in certain circumstances, such as when you contest the accuracy of data.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object
Object to processing of your data based on legitimate interests, including profiling and direct marketing.
Automated Decision-Making
Not be subject to decisions based solely on automated processing, including profiling, that produce legal effects.
Withdraw Consent
Withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
Legal Basis for Processing
We process personal data only when we have a valid legal basis under GDPR.
Contractual Necessity
Processing necessary for the performance of our contract with you - delivering the MailStrike platform and its features.
Consent
Processing based on your freely given, specific, informed, and unambiguous consent - such as marketing communications.
Legitimate Interest
Processing necessary for our legitimate business interests - such as fraud prevention, security, and platform improvement - where not overridden by your rights.
Data Processing Details
What Data We Process
We process account information (name, email, company), campaign data (email content, recipient lists), usage data (feature interactions, IP addresses), and billing information (processed securely by our payment provider).
How Data Is Processed
Data is processed using automated systems for service delivery and is encrypted in transit and at rest using AES-256. Access is restricted on a need-to-know basis, following the principle of least privilege.
Retention Periods
Active account data is retained for the duration of the account. Campaign analytics are retained for 24 months after creation. Billing records are retained for 7 years as required by law. Deleted account data is purged within 90 days.
Data Protection Officer
Our Data Protection Officer (DPO) oversees our data protection strategy and ensures compliance with GDPR. You can contact our DPO for any data protection inquiries:
Email: dpo@mailstrike.io
Address: Data Protection Officer, MailStrike Inc., 123 Innovation Drive, San Francisco, CA 94105, United States
Sub-processors
We use the following sub-processors to deliver our services. All sub-processors are bound by data processing agreements that include GDPR-compliant safeguards.
| Name | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure & hosting | United States, EU |
| Stripe | Payment processing | United States |
| Google Cloud Platform | Data analytics & machine learning | United States, EU |
| SendGrid | Transactional email delivery | United States |
| Intercom | Customer support & messaging | United States |
| Datadog | Application monitoring & logging | United States, EU |
International Transfers
When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place:
- Adequacy Decisions: We transfer data to countries recognized by the European Commission as providing adequate data protection where possible.
- Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, we use EU-approved Standard Contractual Clauses as our primary transfer mechanism.
- EU-US Data Privacy Framework: We are certified under the EU-US Data Privacy Framework for transfers to the United States.
Data Breach Notification
In the event of a personal data breach that poses a risk to individuals’ rights and freedoms, we commit to:
72 Hours
Notification to the relevant supervisory authority within 72 hours of becoming aware of the breach.
Without Delay
Direct notification to affected individuals when the breach is likely to result in a high risk to their rights.
Full Report
A comprehensive incident report detailing the nature, scope, consequences, and remedial actions taken.
How to Exercise Your Rights
Submit a Request
Email dpo@mailstrike.io with your request, specifying which right you wish to exercise and providing proof of identity.
Verification & Review
Our DPO team will verify your identity and review your request within 5 business days of receipt.
Fulfillment
We will fulfill your request within 30 days. Complex requests may be extended by an additional 60 days with notice.
Contact & Complaints
If you have any questions about our GDPR compliance or wish to file a complaint, please reach out to our Data Protection Officer at dpo@mailstrike.io.
You also have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes GDPR.