GDPR & privacy: what data we keep

MailManagers takes privacy seriously and is GDPR-compliant.

What data we keep

Per user:

• Email address and name — for login and billing
• Password hash — encrypted with bcrypt, cannot be reversed
• Signature content — what you fill in (name, phone, photo, etc.)
• Banner images and stats — for the banner functionality
• Login logs — for security audit (max 90 days)
• Stripe customer ID — linked to billing

Where it lives

• App + database: Hetzner servers in Germany (EU)
• Stripe: Stripe servers (encrypted, GDPR-compliant)
• Brevo (email sending): Brevo servers (EU)
• Cloudflare (Turnstile bot protection): EU edge

No transfer to the US without Standard Contractual Clauses.

Subprocessors

Our active subprocessors:

• Stripe — payment processing
• Brevo — email sending
• Hetzner — server hosting
• Cloudflare — security and Turnstile

Data Processing Agreements available on request.

Your rights

Under GDPR you have the right to:

• Access to your data
• Correction of incorrect data
• Deletion ("right to be forgotten")
• Portability (export to another platform)

Request via mail@matixs.com — response within 30 days.

Opt out of promotional and update emails

You can opt out of marketing and update emails at any time:

• Via your account: go to Account → Email preferences → toggle off "Receive updates and promotional emails"
• Via an email: click the "Unsubscribe" link at the bottom of any marketing email

Always sent: transactional emails (login verification, password reset, subscription notices, security updates) are sent regardless — you can't opt out of those while your account is active.