Controller: You (the customer). Processor: GPTemail.me. Effective: 9 April 2026.
Subject & duration
AI email processing (ingest, summarise, translate, respond) for the term of your subscription or until deletion on request.
Data types & subjects
- Email content, headers, attachments, metadata; user identifiers; billing identifiers.
- Data subjects: your end users, correspondents, and authorised account users.
Processor obligations
- Process only on your documented instructions (including this DPA and product configuration).
- Confidentiality for authorised personnel; least‑privilege access.
- Security: TLS in transit; data isolation per tenant; secrets in Secret Manager; logging/alerting; monthly usage reset controls.
- Subprocessors only as listed below; prior notice for changes with a right to object.
- Assist with data subject requests, breach notifications, DPIAs where relevant.
- Delete or return personal data at end of contract, subject to legal retention.
Subprocessors
- Google Cloud (hosting, storage, Pub/Sub, Firestore, Cloud Run).
- OpenAI / Google Gemini (LLM inference).
- Stripe (payments/subscriptions).
- ZeptoMail (outbound email delivery).
- Cloudflare (edge/email ingress, DNS, WAF).
We will post changes on this page at least 15 days before adding a new subprocessor. Some providers, especially payment providers such as Stripe, may also process certain information under their own regulatory obligations and privacy notices where applicable.
International transfers
We use contractual and provider safeguards for transfers outside the UK/EU, including Standard Contractual
Clauses where appropriate. Where we offer an EU-routed account, core application storage and compute for
supported product flows run in Google Cloud eur3 / europe-west4, but subprocessors such
as Stripe, ZeptoMail, Cloudflare, and AI providers may still process or transfer data internationally.
Audits
We will provide reasonable information to demonstrate compliance and will cooperate with supervisory authorities. Formal audits are subject to prior notice and confidentiality.
Contact
Email privacy@gptemail.me for data protection requests or a countersigned DPA (full PDF available on request).