🇪🇺 Built for European privacy

When you use EmailConnect, you entrust us with your valuable information. We make it a priority to protect your data and provide you with choices about controlling it.

Summary

Current regulations may raise concerns from organizations about how the Service uses and protects your data - this page attempts to answer some of the most common questions you may have.

  • The Privacy & Data Retention section provides an overview of our data center and our data retention policy.
  • The GDPR section provides detailed information about how we comply with GDPR.
  • The Third Parties section provides a list of our sub-processors under GDPR.

For general inquiries, send a message anytime to privacy@emailconnect.eu.

Privacy and data retention

Your privacy is important to us. It is EmailConnect's policy to respect your privacy regarding any information the system may collect from you across the website, https://emailconnect.eu, and other sites we own and operate.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we're collecting it and how it will be used.

Data center

EmailConnect's primary data and servers are hosted at Hetzner in Germany. These servers run on hydropower, a renewable energy source, supporting our commitment to environmental sustainability.

Data retention

We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we'll protect within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Email data retention periods are configurable in your EmailConnect settings and default to industry-standard timeframes.

Security of sensitive configuration data

For customers using custom storage configurations (such as custom S3 endpoints), we implement additional security measures:

  • Encrypted credential storage: All custom S3 access keys, API tokens, and webhook authentication credentials are encrypted at rest using industry-standard encryption (AES-256)
  • Key management: Encryption keys are managed separately from application data and rotated regularly
  • Access controls: Only authorized system processes can decrypt credentials, which are never exposed in logs or error messages
  • Secure transmission: All credentials are encrypted during transmission and never stored in plain text

We don't share any personally identifying information publicly or with third parties, except when required by law.

With your active consent, we store only necessary information to provide email processing and delivery services through our third-party integrations (see Third Parties section). We store this information for the duration that the integration is active and according to your configured retention settings.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.

EU General Data Protection Regulation (GDPR)

What is GDPR?

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It came into effect on May 25, 2018.

GDPR is also known as AVG (Netherlands), RGPD (France, Spain), and DSGVO (Germany) in their respective countries.

Why is GDPR important?

GDPR adds new requirements regarding how companies should protect individuals' data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches. For email processing services like EmailConnect, GDPR compliance is particularly crucial as we handle personal communications.

What has EmailConnect done to comply with GDPR?

We work hard to meet our obligations as a processor under Article 28 of GDPR. To this end:

  • We process your customer and end user data per your instructions
  • We have implemented appropriate technical and organizational measures to protect the data with which you entrust us
  • We have provided a comprehensive list of our sub-processors below
  • We have instituted a policy informing and obligating our employees to maintain the confidentiality of your information
  • We have instituted procedures to assist you in complying with requests for access, amendment or deletion that you may receive from your customers or end users
  • We will delete your customer/end user information at the end of our agreement with you, if you request it
  • We have appointed a representative as required by Article 27 of GDPR

How do you manage access to my information?

We service Data Subject Rights (DSR) requests such as delete and export manually to ensure accuracy and security. If you have an account with us, you may access, correct, or request that we delete your personal data by contacting us at privacy@emailconnect.eu.

This request can include personal data of other individuals, like your employees or customers, that you have provided to us and who have requested this of you. We will respond to these requests within 14 days, which is well within the GDPR requirement of 30 days.

Working with third parties

Sub-processors and third party services

| Provider | Purpose | Data shared |
|---|---|---|
| Hetzner | Server hosting | Provides the server infrastructure for EmailConnect. Stores our databases (PostgreSQL, Redis), isolated within the VPC (no public access) and application logic. |
| Scaleway Email | Transactional emails | Facilitates sending EmailConnect transactional emails (notifications) to registered and subscribed users. Data: name, email address |
| Scaleway DNS | DNS management | Manages domain name resolution for EmailConnect services. No personal data stored. |
| Scaleway Object Storage | File storage | Stores processed attachments (for the retention period as set by you in your retention settings) and invoices for the duration required by regulation (7 years). |
| Plausible | On-page analytics | Privacy-focused analytics. No identifiable information is exchanged. |
| Mollie | Payment provider | Processes payments and shares a non-identifiable token with EmailConnect for tracking payment statuses. Data: name, email, billing information |
| Webhooktest.eu (optional) | Webhook testing | Allows you to test your webhook endpoints. Data: name, email for OAuth authorization |
| Gravatar.com (optional) | Avatar service | Displays user avatars based on email addresses. Data: email address (hashed) |

Development and operations tools

The following tools are used for service development and operations but do not process customer data:

| Tool | Purpose | Data handling |
|---|---|---|
| GlitchTip | Application monitoring | Self-hosted in The Netherlands. No identifiable information recorded. |
| Beszel | System monitoring | Self-hosted in The Netherlands. No identifiable information recorded. |
| GitHub | Code repository | No customer data stored (US-based) |
| Fider | Feedback management | Self-hosted in The Netherlands. No identifiable information recorded. |
| Fastmail | Business email | Australian hosted with DPA in place |
| Claude Code | Development assistance | No identifiable customer information shared (US-based) |
| Notion | Internal documentation | No customer data stored (US-based) |

For a complete technical overview of EmailConnect's infrastructure, refer to: https://hosting-checker.net/websites/emailconnect.eu

Contact information

For any privacy-related questions, GDPR requests, or data protection concerns, please contact us at:

General privacy inquiries

Email: privacy@emailconnect.eu
Response time: Within 14 days

Data protection officer

Email: dpo@emailconnect.eu
GDPR requests: Data access, deletion, portability

Last updated: August 23, 2025

This privacy policy replaces all previous versions. We may update this policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via email or service notifications.