MailendarPrivacy Policy
Effective date: 5 May 2026
1. Who We Are
Mailendar ("we", "us") operates the Mailendar service. For GDPR purposes, we are the data controller. Contact: legal@team.mailendar.app
2. What Data We Collect
- Account data: name, email address, password (hashed), timezone
- Email content: forwarded emails you send to the Service for parsing
- Usage data: event records, calendar configuration, pipeline activity logs
- Technical data: IP address (used for rate limiting, not stored long-term), authentication cookies
3. Why We Process Your Data
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails | Contract |
| Rate limiting and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. AI Processing
Email content you send to the Service is processed by third-party AI providers, including OpenAI, to extract event information. This processing occurs on your instructions as part of the core Service. We do not use your content to train AI models. OpenAI's privacy policy applies to this processing.
5. Data Retention
- Account and event data: retained while your account is active, deleted immediately upon account deletion
- Email content: not stored after parsing is complete
- Logs: retained for up to 90 days or as managed by our hosting provider
6. Third-Party Services
| Provider | Purpose |
|---|---|
| OpenAI | AI email parsing |
| Fly.io | Cloud hosting |
| Stripe | Payment processing |
| Postmark | Transactional email delivery |
7. Your Rights (GDPR)
As an EU/EEA resident you have the right to: access, rectify, erase, restrict, or port your data, and to object to processing. To exercise these rights, email legal@team.mailendar.app. We will respond within 30 days. You may also lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
8. Cookies
We use one strictly necessary cookie (access_token) for authentication. No tracking or advertising cookies are used.
9. Data Transfers
Your data is processed in the United States (by OpenAI, Fly.io, Postmark, and Stripe). Transfers outside the EEA are covered by Standard Contractual Clauses or equivalent safeguards.
10. Children
The Service is not directed at children under 16. We do not knowingly collect data from children.
11. Changes
We will notify you by email at least 14 days before material changes to this policy.
12. Contact
Privacy requests and questions: legal@team.mailendar.app