Last updated: March 2025

GDPR Compliance

Mailsfinder is committed to full GDPR compliance. Here is everything you need to know about how we handle EU personal data.

If you need a Data Processing Agreement (DPA) for your organization, email legal@mailsfinder.com and we will send you a signed copy within 2 business days.

Our Role Under GDPR

As a Data Controller

When you create a Mailsfinder account, we act as a data controller for your personal information (name, email, payment details). We determine why and how your data is processed.

As a Data Processor

When you use Mailsfinder to find or verify emails on behalf of your organization, we act as a data processor. We process that data strictly according to your instructions and our DPA.

Lawful Bases for Processing

We rely on the following lawful bases under GDPR Article 6:

  • Article 6(1)(b) — Contract: Processing necessary to provide the Service
  • Article 6(1)(f) — Legitimate Interests: Service improvement, fraud prevention, and security
  • Article 6(1)(a) — Consent: Marketing emails and non-essential cookies
  • Article 6(1)(c) — Legal Obligation: Tax records and regulatory compliance

Data Subject Rights (Articles 15–22)

We fully support all GDPR data subject rights. EU residents may exercise the following:

  • Art. 15 — Right of Access: Request what personal data we hold about you
  • Art. 16 — Right to Rectification: Correct inaccurate or incomplete data
  • Art. 17 — Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Art. 18 — Right to Restriction: Limit how we process your data
  • Art. 20 — Right to Data Portability: Receive your data in a portable format
  • Art. 21 — Right to Object: Object to processing based on legitimate interests
  • Art. 22 — Automated Decision-Making: We do not make automated decisions with legal effects

Submit requests to privacy@mailsfinder.com. Response time: within 30 days.

Sub-Processors

We use the following approved sub-processors to deliver our service. All are bound by GDPR-compliant DPAs:

  • Amazon AWS (USA) — Cloud infrastructure & storage
  • Stripe (USA) — Payment processing
  • Google Analytics (USA) — Usage analytics (anonymized)
  • Intercom (USA) — Customer support
  • Postmark (USA) — Transactional email

We will notify customers of any changes to our sub-processor list with at least 10 days' notice.

International Data Transfers

Some of our sub-processors are based outside the EEA. For all international transfers, we ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Supplementary technical and organizational measures

Security Measures

We implement appropriate technical and organizational security measures including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls
  • Regular security audits and penetration testing
  • Incident response procedures with 72-hour breach notification

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

Where the breach is likely to result in a high risk to individuals, we will also notify affected individuals without undue delay.

Questions about this policy?

Our team is happy to clarify anything. Reach us at legal@mailsfinder.com
