Privacy policy
How the CamelMailer cloud service processes personal data (GDPR).
1. Controller
[COMPANY LEGAL NAME], [ADDRESS] ("we"). Data protection contact: privacy@camelmailer.example. This policy covers the cloud service; if you self-host CamelMailer, you are the controller of your instance and this policy does not apply.
2. What we process
| Category | Examples | Purpose / legal basis |
|---|---|---|
| Account data | Name, email, password hash, 2FA state, SSO subject | Providing the service (Art. 6(1)(b) GDPR) |
| Customer content | Messages you send/receive through your servers, templates, suppression lists | Processed on your behalf as processor (Art. 28; see DPA) |
| Usage & security data | API logs, auth audit events, IP addresses, user agents | Security, abuse prevention, billing (Art. 6(1)(f)/(b)) |
| Billing data | Company details, invoices, payment references | Contract & legal obligations (Art. 6(1)(b)/(c)) |
3. Where it lives
All production systems run on EU infrastructure operated by the providers listed on the sub-processors page. We do not transfer customer content outside the EU/EEA. Mail you send is, by nature, delivered to its recipients' providers worldwide.
4. Retention
- Message content and events: [30/60/90] days by default, then deleted; configurable per server.
- Auth audit events: [12] months.
- Account and billing data: for the life of the contract plus statutory retention periods.
5. Your rights
Access, rectification, erasure, restriction, portability and objection under Art. 15–21 GDPR, plus complaint to a supervisory authority. Write to privacy@camelmailer.example.
6. Cookies
The dashboard uses no third-party trackers and no advertising cookies. Session state is a bearer token stored in your browser's local storage; this website sets no cookies at all.