GDPR

GDPR Policy

Our commitment to EU data protection and your rights under the General Data Protection Regulation.

Last updated: April 2026

1. Overview

MailSpaceAI is committed to full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This policy outlines how we process personal data of EU/EEA residents and the rights available to you.

MailSpaceAI is audited by Google and operates as a Google Cloud Partner. We apply privacy-by-design principles across all our systems.

2. Data Controller

MailSpaceAI acts as the Data Controller for personal data collected through our platform. For data processed on behalf of our users (e.g., campaign recipient data), MailSpaceAI acts as a Data Processor.

Contact our Data Protection contact: privacy@mailspaceai.com

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the MailSpaceAI service you have signed up for.
  • Legitimate interests: Analytics, security monitoring, and service improvement.
  • Consent: Where you have explicitly opted in (e.g., marketing communications).
  • Legal obligation: Where required by applicable law.

4. Data We Process

  • Account data: name, email address, Google profile
  • Email tracking metadata: open timestamps, device type, approximate location
  • Campaign data: recipient lists, templates, performance metrics
  • Usage data: feature interactions, session data

5. International Data Transfers

Your data may be processed in countries outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision.

6. Your GDPR Rights

As an EU/EEA resident, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Art. 18): Request that we limit how we use your data.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Rights related to automated decision-making (Art. 22): We do not make solely automated decisions with legal effects.

To exercise any right, email privacy@mailspaceai.com. We will respond within 30 days.

7. Data Retention

We retain personal data only as long as necessary for the purposes described. Account data is retained while your account is active. Tracking data is retained for up to 24 months. You may request earlier deletion at any time.

8. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Art. 33–34.

9. Data Processing Agreement

Enterprise customers who require a Data Processing Agreement (DPA) may request one by contacting privacy@mailspaceai.com.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data in accordance with GDPR.

11. Contact

For GDPR-related enquiries: privacy@mailspaceai.com