General Data Protection Regulation

GDPR Compliance

MaileniumAI is committed to full compliance with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. GDPR is a comprehensive data protection law that applies to all organizations processing personal data of individuals in the European Economic Area (EEA). This page explains our GDPR compliance measures, your rights under GDPR, and how we help you comply with GDPR when using our email marketing platform.

Last Updated: March 2, 2026

1. What is GDPR?

01.

1.1 Overview. The General Data Protection Regulation (GDPR) is a European Union regulation that governs the collection, processing, storage, and protection of personal data. GDPR applies to:

  • Organizations located in the EEA that process personal data
  • Organizations outside the EEA that offer goods or services to individuals in the EEA
  • Organizations that monitor the behavior of individuals in the EEA
  • Any organization processing personal data of EEA residents, regardless of the organization's location
03.

1.2 Key Principles. GDPR is based on seven key principles:

  • Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and transparently.
  • Purpose Limitation: Personal data must be collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Personal data must be adequate, relevant, and limited to what is necessary.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage Limitation: Personal data must be kept in a form that permits identification for no longer than necessary.
  • Integrity and Confidentiality: Personal data must be processed securely.
  • Accountability: Data controllers must be able to demonstrate compliance with GDPR principles.
05.

1.3 Our Commitment. MaileniumAI is fully committed to GDPR compliance and implements comprehensive measures to ensure that all personal data processing complies with GDPR requirements.

2. Your Rights Under GDPR

01.

2.1 Right of Access. You have the right to obtain confirmation of whether we process your personal data and to access that data. You can request:

  • Confirmation of whether your personal data is being processed
  • Access to your personal data
  • Information about the purposes of processing, categories of data, recipients, retention periods, and your rights
  • A copy of your personal data in a structured, commonly used format
03.

2.2 Right to Rectification. You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your account information directly through our Service or request corrections by contacting us.

04.

2.3 Right to Erasure ("Right to be Forgotten"). You have the right to request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation
06.

2.4 Right to Restrict Processing. You have the right to restrict processing of your personal data when:

  • You contest the accuracy of the data (processing is restricted until accuracy is verified)
  • Processing is unlawful and you oppose erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing (processing is restricted pending verification of legitimate grounds)
08.

2.5 Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. We provide data export functionality to facilitate data portability.

09.

2.6 Right to Object. You have the right to object to processing of your personal data for:

  • Direct marketing purposes (you can opt out at any time)
  • Processing based on legitimate interests (we will stop processing unless we demonstrate compelling legitimate grounds)
  • Scientific or historical research or statistical purposes (unless processing is necessary for public interest)
11.

2.7 Right to Withdraw Consent. When processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

12.

2.8 Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority if you believe that processing of your personal data violates GDPR. Contact information for supervisory authorities is provided in Section 9.

3. How We Comply with GDPR

01.

3.1 Lawful Basis for Processing. We process personal data only when we have a lawful basis, including:

  • Contract: Processing necessary to perform our contract with you (providing email marketing services)
  • Legal Obligation: Processing necessary to comply with legal obligations (tax, accounting, anti-spam laws)
  • Legitimate Interests: Processing necessary for our legitimate interests (security, fraud prevention, service improvement), balanced against your rights and interests
  • Consent: Processing based on your explicit consent (marketing communications, cookies)
03.

3.2 Data Minimization. We collect and process only the personal data that is necessary for the specified purposes. We do not collect excessive or irrelevant data.

04.

3.3 Purpose Limitation. We process personal data only for specified, explicit, and legitimate purposes. We do not process personal data for purposes incompatible with the original purposes.

05.

3.4 Data Accuracy. We take reasonable steps to ensure that personal data is accurate and kept up to date. You can update your information through your account settings or by contacting us.

06.

3.5 Storage Limitation. We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. We have clear data retention policies and automatically delete data when retention periods expire.

07.

3.6 Security Measures. We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Network security and intrusion detection
  • Data backup and disaster recovery procedures
  • Employee training on data protection
09.

3.7 Privacy by Design and by Default. We implement privacy by design and by default, meaning that privacy and data protection considerations are built into our systems and processes from the outset, and we process only the minimum amount of personal data necessary by default.

10.

3.8 Data Processing Agreements. When we act as a data processor (processing contact data on behalf of users), we enter into Data Processing Agreements (DPAs) that comply with GDPR requirements. Our Data Processing Schedule provides detailed information about our processing activities.

11.

3.9 Data Breach Notification. In the event of a personal data breach that poses a risk to data subjects' rights and freedoms, we notify affected data controllers without undue delay (within 72 hours where feasible) and assist in notifying data subjects when required.

12.

3.10 Data Protection Impact Assessments. We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to data subjects' rights and freedoms.

4. GDPR Compliance Tools and Features

01.

4.1 Consent Management. We provide tools to help you manage consent in compliance with GDPR:

  • Double opt-in functionality to verify email addresses and obtain explicit consent
  • Consent records and audit trails
  • Clear consent language and consent forms
  • Consent withdrawal mechanisms (unsubscribe links)
  • Consent management dashboard
03.

4.2 Data Subject Rights Tools. We provide tools to help you fulfill data subject rights requests:

  • Data Export: Export contact data and account data in structured formats (CSV, JSON) for data portability
  • Data Deletion: Delete contacts, campaigns, and account data with permanent removal from our systems
  • Data Access: Access and view all personal data associated with your account
  • Data Correction: Update and correct personal data through account settings or support requests
  • Unsubscribe Management: Automatic processing of unsubscribe requests and suppression list management
05.

4.3 Privacy Policies and Transparency. We provide:

  • Comprehensive Privacy Policy explaining our data processing practices
  • Cookies Policy explaining our use of cookies and tracking technologies
  • Data Processing Schedule detailing our processing activities
  • Clear information about data collection, use, and sharing
07.

4.4 Security and Data Protection. We implement:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security audits and assessments
  • Data backup and recovery procedures
  • Incident response and breach notification procedures
09.

4.5 Audit Logs and Compliance Reporting. We maintain:

  • Audit logs of data access and processing activities
  • Records of consent and data subject requests
  • Compliance reports and documentation
  • Records of processing activities as required by GDPR

5. Your Responsibilities as a Data Controller

01.

5.1 Data Controller Role. When you use MaileniumAI to send email marketing campaigns, you act as the data controller for the contact data (email recipient data) you process. As a data controller, you are responsible for:

  • Obtaining Consent: Obtaining explicit, informed consent from contacts before adding them to mailing lists and sending marketing emails
  • Maintaining Consent Records: Keeping records of when and how consent was obtained, as required by GDPR
  • Honoring Data Subject Rights: Responding to data subject rights requests (access, rectification, erasure, etc.) from your contacts
  • Processing Unsubscribe Requests: Processing unsubscribe requests immediately and permanently removing unsubscribed contacts from mailing lists
  • Data Accuracy: Ensuring that contact data is accurate and kept up to date
  • Data Security: Implementing appropriate security measures to protect contact data
  • Data Breach Notification: Notifying affected data subjects and supervisory authorities of data breaches when required
  • Compliance with GDPR: Ensuring that all email marketing activities comply with GDPR requirements
03.

5.2 Our Role as Data Processor. When we process contact data on your behalf, we act as a data processor. We process contact data only in accordance with your instructions and our Data Processing Agreement. We assist you in fulfilling your obligations as a data controller by providing tools and support.

04.

5.3 Data Processing Agreement. Our Data Processing Schedule and Terms of Service include provisions that comply with GDPR requirements for data processing agreements. By using MaileniumAI, you enter into a Data Processing Agreement with us.

6. Exercising Your GDPR Rights

01.

6.1 How to Exercise Your Rights. You can exercise your GDPR rights by:

  • Account Settings: Access, update, or delete your account information through your account settings
  • Data Export: Export your data using our data export tools in your account settings
  • Contact Us: Send a request to privacy@mailenium.ai with details of your request
  • Support Portal: Submit a request through our support portal at https://mailenium.ai/help
03.

6.2 Response Time. We will respond to your GDPR rights requests within 30 days (or as required by applicable law). For complex requests, we may extend this period by up to 60 days, with notification to you.

04.

6.3 Verification. We may require verification of your identity before processing GDPR rights requests to protect against fraudulent or unauthorized requests. We may ask for:

  • Proof of identity (government-issued ID)
  • Account verification (email confirmation, security questions)
  • Additional information to verify your identity
06.

6.4 No Fees. We do not charge fees for processing GDPR rights requests, except in cases where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

07.

6.5 Right to Complain. If you are not satisfied with our response to your GDPR rights request, you have the right to lodge a complaint with a supervisory authority. Contact information for supervisory authorities is provided in Section 9.

7. International Data Transfers

01.

7.1 Transfer Locations. Personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States and other jurisdictions where our sub-processors operate.

02.

7.2 Transfer Safeguards. We ensure that international data transfers comply with GDPR requirements through:

  • Standard Contractual Clauses (SCCs): We use EU-approved standard contractual clauses with sub-processors located outside the EEA
  • Adequacy Decisions: We rely on adequacy decisions where applicable (e.g., for transfers to countries with adequate data protection laws)
  • Additional Safeguards: We implement additional technical and organizational safeguards to protect transferred data
04.

7.3 Your Consent. By using MaileniumAI, you acknowledge that personal data may be transferred to and processed in countries outside your jurisdiction. You are responsible for ensuring that such transfers comply with applicable laws in your jurisdiction.

8. Data Breach Notification

01.

8.1 Our Commitment. We are committed to protecting personal data and have procedures in place to detect, assess, and respond to personal data breaches promptly.

02.

8.2 Notification to Data Controllers. In the event of a personal data breach affecting contact data processed on behalf of users (data controllers), we will:

  • Notify the affected data controller without undue delay (within 72 hours where feasible)
  • Provide information about the nature of the breach, affected data, and mitigation measures
  • Assist the data controller in notifying affected data subjects if required
  • Cooperate with regulatory authorities as necessary
04.

8.3 Notification to Data Subjects. Where a breach poses a high risk to data subjects' rights and freedoms, we will assist data controllers in notifying affected data subjects without undue delay.

05.

8.4 Notification to Supervisory Authorities. We will notify relevant supervisory authorities of personal data breaches in accordance with GDPR requirements (within 72 hours where feasible).

9. Supervisory Authorities

01.

9.1 Right to Complain. If you believe that processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority in the EEA member state where you reside, work, or where the alleged violation occurred.

02.

9.2 Contact Information. Contact information for supervisory authorities in EEA member states can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

03.

9.3 Our Cooperation. We cooperate fully with supervisory authorities and will respond to any inquiries or investigations in a timely and transparent manner.

10. Updates to This Page

01.

10.1 Page Updates. We may update this GDPR compliance page from time to time to reflect changes in our practices, legal requirements, or GDPR guidance. We will notify you of material changes by posting the updated page on our Service and updating the "Last Updated" date.

02.

10.2 Continued Use. Your continued use of MaileniumAI after we post an updated page constitutes your acceptance of the updated information. If you do not agree with the updated information, you should stop using our Service.

11. Contact Us

01.

If you have questions about GDPR compliance, need to exercise your GDPR rights, or have concerns about data processing, please contact us:

02.

Data Protection Officer
Email: dpo@mailenium.ai

03.

For general inquiries or support, please contact us at support@mailenium.ai or visit our Help Portal.

Our GDPR Commitment

MaileniumAI is fully committed to GDPR compliance and protecting your privacy rights. We implement comprehensive technical and organizational measures to ensure that all personal data processing complies with GDPR requirements, and we are dedicated to helping you comply with GDPR when using our email marketing platform.

If you have questions about GDPR compliance or need to exercise your GDPR rights, please contact our Data Protection Team. We are here to help and ensure that your privacy rights are respected.