mailmundo

Data Processing Agreement

Last updated: 2026-05-06

This Data Processing Agreement ("DPA") supplements Mailmundo's Terms of Serviceand applies when Mailmundo processes Personal Data on behalf of a Customer ("you") under the GDPR, UK GDPR, LGPD, or similar regimes.

1. Definitions

Terms not defined here have the meaning given in the GDPR (Regulation (EU) 2016/679). "Customer Data" means Personal Data you upload or generate through your use of Mailmundo.

2. Roles

You are the Controller of Customer Data. Mailmundo is a Processor acting on your documented instructions. Where Customer Data flows through additional services (sub-processors), Mailmundo engages those on your behalf as listed at /sub-processors.

3. Subject matter and duration

Subject matter: provision of email infrastructure (transactional and marketing). Duration: for as long as you are a Mailmundo customer plus a 90-day retention window unless you instruct earlier deletion.

4. Categories of Data Subjects and Personal Data

  • Data Subjects: your customers, prospects, employees, contractors, and other individuals whose contact details you upload.
  • Personal Data: name, email address, phone number, postal address, marketing preferences, behavioral events (opens, clicks), and any other data you choose to include in templates or imports.

5. Mailmundo obligations

  • Process Customer Data only on your documented instructions.
  • Ensure personnel with access are bound by confidentiality.
  • Implement appropriate technical and organizational security measures (see /security).
  • Assist you with Data Subject requests (access, rectification, deletion, portability, objection).
  • Notify you of Personal Data Breaches without undue delay (within 72 hours of confirmation).
  • Make available information necessary to demonstrate compliance.

6. Sub-processors

You authorize Mailmundo to engage the sub-processors listed at /sub-processors. We notify you 30 days before adding a new sub-processor or replacing an existing one, except where urgency requires faster action.

7. International transfers

Where transfers leave a jurisdiction with adequate protection, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards. We use the EU-approved 2021 SCCs for EU-based Customer Data and the UK Addendum for UK-based Customer Data.

8. Data Subject requests

If a Data Subject contacts Mailmundo directly, we forward the request to you and do not respond on substance unless legally required. We provide tooling so you can fulfill the request (export, deletion, rectification).

9. Audits

Once per twelve-month period, you may audit our compliance with this DPA via written request. Where Mailmundo holds a SOC 2 or equivalent report, we may satisfy the audit obligation by providing the report in lieu of an on-site audit.

10. Return or deletion

On termination, we delete Customer Data within 90 days, except where retention is required by law. You can export your data via the API or admin during the 30-day post-termination grace window.

11. Liability

Each party's liability under this DPA is subject to the limitations set out in the Terms of Service.

12. Activation

Self-service customers accept this DPA by clicking through during signup. Enterprise customers may request a counter-signed copy by emailing legal@mailmundo.com.

13. Order of precedence

In case of conflict between this DPA and the Terms of Service, this DPA prevails for matters relating to Personal Data processing.

This is a public template, version 1.0. Customers receive a binding, dated, and signed (or click-accepted) copy at signup.