Data Policy
Welcome to MailSped's Data Policy. We take your privacy seriously and are committed to full transparency, GDPR compliance, and respecting your control over your personal data.
Your privacy is our foundation
Our Commitment
This document is not just legal fine print, it's a clear explanation of what data we collect, how and why we use it, and how you can stay in control.
Data Policy Details
GDPR Compliance: We comply with the strictest standards under the European Union's General Data Protection Regulation (GDPR), ensuring your rights and protections. No Selling of Data, Ever: We do not and will never sell your personal data to advertisers, marketers, or any third party. Transparency and Control: You can easily email our Data Protection Officer to access, export, or delete your data anytime at contact@mailsped.com. EU-Based Storage: All user data is stored exclusively within the European Union. Our primary database is hosted on AWS infrastructure in Stockholm, Sweden (eu-north-1), guaranteeing full GDPR compliance and EU-only data residency. Website Hosting: Our website is hosted in Helsinki, Finland (hel1-dc2 datacenter, eu-central network zone), ensuring fast EU-based access and compliance.
We never store full email contents or message bodies. Email data is processed in real time using AI models like Google's Gemini 2.0 Flash in stateless, no-training mode. We ensure that no raw email data is retained or reused. All AI interactions occur only on anonymized snippets, never entire messages.
| Type of Data | Purpose | Example |
|---|---|---|
| Account Data | Create and manage your account | Email, name, login timestamps |
| Usage Data | Improve user experience and troubleshoot | Button clicks, feature usage times |
| Email Content (Anonymized) | Provide AI-powered insights without storing full emails | Message summaries, anonymized snippets |
We use Google's Gemini 2.0 Flash AI to help you prioritize emails better and faster but we never use your content to train or improve the underlying models. Here's how we protect your privacy: No Training on Your Data: Gemini processes your email content in stateless mode, meaning your data is not stored or used for model training. Real-Time, Anonymized Processing: We analyze only anonymized snippets of your emails in real time. Full messages and personally identifiable information are never saved to any persistent database.
Encryption: All data in transit is protected using TLS 1.3 encryption; data at rest is secured with AES-256 encryption. Limited Access: Only a small number of authorized staff have access to user data, solely for support or compliance purposes. Regular Security Audits: We perform ongoing security reviews and vulnerability testing to safeguard your data.
We rely on trusted partners to provide infrastructure, authentication, AI services, payment processing, and data storage. All providers are GDPR-compliant and either operate EU-based data centers or are certified under EU Standard Contractual Clauses (SCCs) for lawful data transfer. We never use third-party AI APIs that store or reuse your data beyond immediate, anonymized processing necessary to deliver the service.
| Provider | Service Type | Data Location / Compliance | Privacy Policy |
|---|---|---|---|
| Auth0 | Authentication & Identity | EU data centers, GDPR-compliant | Auth0 Privacy Policy |
| Google Gemini | AI / Language Models | EU-based processing (stateless mode) | Google Privacy & Terms |
| MongoDB Atlas | Database Storage | EU region (AWS Stockholm, eu-north-1) | MongoDB Privacy Policy |
| Stripe | Payment Processing | EU data centers, GDPR-compliant | Stripe Privacy Policy |
We avoid international data transfers unless strictly necessary. When transfers occur, we apply: Standard Contractual Clauses (SCCs) to guarantee EU-level data protection. Data Processing Agreements (DPAs) with all providers. Regular vendor audits to confirm ongoing GDPR compliance.
You have the right to: Access your personal data. Correct inaccuracies. Export your information in a portable format. Delete your account and all associated data (processed within 30 days). Withdraw consent at any time. You can easily email our Data Protection Officer to exercise any of these rights at contact@mailsped.com.
MailSped is not intended for use by individuals under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.
We're Here for You
Email is deeply personal. That's why MailSped is built on respect, clarity, and putting you in control.
If you have questions, concerns, or want to contact us directly:
Email: contact@mailsped.com
Data Protection Officer: Curtis Thomas
Location: Oulu, Finland
TL;DR - Why This Matters
At MailSped, your privacy isn't just a feature, it's our foundation. We don't just meet legal requirements; we aim to exceed them. Because trust is built through action, not just words.
