GDPR Compliance
How EmailFunnelAI complies with the General Data Protection Regulation.
Our Commitment to GDPR
EmailFunnelAI is committed to full compliance with the General Data Protection Regulation (GDPR). Whether you are a customer based in the European Union or you serve EU-based end users, we provide the tools, processes, and contractual commitments necessary to help you meet your GDPR obligations while using our platform.
Data Controller vs. Data Processor
Under GDPR, EmailFunnelAI acts in two capacities:
- Data Controller: For the personal data of our customers (account holders), such as name, email, and billing information. We determine the purposes and means of processing this data.
- Data Processor: For the personal data of your end users that you process through our platform (email subscribers, Telegram contacts, etc.). You, as our customer, are the Data Controller for this data, and we process it on your behalf according to your instructions.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contractual Necessity: To provide the services you have subscribed to.
- Legitimate Interest: To improve our services, ensure security, and prevent fraud.
- Consent: For marketing communications and optional analytics. You can withdraw your consent at any time.
- Legal Obligation: To comply with applicable laws and regulations.
Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access: You can request a copy of all personal data we hold about you. We will respond within 30 days.
- Right to Rectification: You can request correction of any inaccurate personal data. Most data can be updated directly from your account settings.
- Right to Erasure: You can request deletion of your personal data. Upon account deletion, all data is permanently removed within 60 days.
- Right to Data Portability: You can request an export of your data in a machine-readable format (JSON/CSV) via our API or by contacting support.
- Right to Restrict Processing: You can request that we limit how we process your data in certain circumstances.
- Right to Object: You can object to our processing of your data for direct marketing purposes at any time.
Data Processing Agreement (DPA)
We offer a Data Processing Agreement (DPA) to all customers who require one. Our DPA includes Standard Contractual Clauses (SCCs) for international data transfers and outlines our obligations as a data processor, including security measures, sub-processor management, breach notification procedures, and data deletion commitments. Contact us to request a signed DPA.
Sub-Processors
We use a limited number of sub-processors to deliver our Service. All sub-processors have been vetted for GDPR compliance and have signed Data Processing Agreements with us. We maintain an up-to-date list of sub-processors and will notify customers of any changes with at least 30 days' notice. You may object to a new sub-processor by contacting us within that notice period.
International Data Transfers
When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, and supplementary technical and organizational measures where necessary.
Data Breach Notification
In the event of a personal data breach, EmailFunnelAI will notify affected customers without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with Article 33 of the GDPR. The notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken to address the breach.
Tools for Your Compliance
We provide tools to help you meet your own GDPR obligations as a Data Controller:
- Subscriber consent management and double opt-in support.
- Easy unsubscribe links in every email.
- End-user data search, export, and deletion through the dashboard.
- Audit logs for tracking data access and modifications.
- API access for programmatic data retrieval and deletion.
Contact Our Data Protection Team
If you have questions about our GDPR compliance, wish to exercise your data subject rights, or need to request a DPA, contact our Data Protection team at privacy@emailfunnelai.com.
This page provides a summary of our GDPR practices. For full details, please refer to our Privacy Policy and Terms of Service.