GDPR Compliance

It´s important to keep data safe, but how?

About the GDPR

On May 25th 2018, the new General Data Protection Regulation (GDPR) will be in effect.

The GDPR is an EU regulation to strengthening and unifying the data protection laws for everyone who lives in the EU. Here at Mailforge, we are trying to be ahead and make sure our platform is 100% GDPR compliant.

Before we continue, here are a few definitions you need to know when reading ahead and to understand GDPR


  • Processor: This is us, Mailforge, we acts as an extended arm who will process and handle all data collected by you, the Controller.
  • Controller: This is you, the Mailforge customer, who controls and owns the data from the Data subject.
  • Data Subject: The visitor on your website who subscribes to your contact lists.

What Are We Doing

Data Collection

  • We have made it possible for you (The controller), to see exactly what data is collected for a given data subject in our platform, which you can delete at any time.
  • We collect emails, IP address and timestamps from all submissions regardless of method, so that you can prove consent.
  • Deleting a data subject also deletes all data collected from them.
  • Data subjects can always see all data collected on them from their profile, and delete it themselves by unsubscribing from the controllers’ lists.
  • We automatically delete data which doesn’t have a purpose anymore. This could be terminated Mailforge users, or old analytics data.


  • Mailforge is developed with “Privacy by Design” in mind, which gives you (The controller) full access to any data related to you. That means you can upload, view, extract and delete data as you wish by yourself.
  • Our infrastructure is set up securely in the EU, so that only a few people have access to it through very secure encryption keys.

What Should You Do


  • You need consent from the visitor, so that you are allowed to collect their data. This can be done by adding a checkbox by which the data subject can allow you to collect and store their data. The data subject has to perform an action to give consent, so the checkbox cannot be pre-checked.


  • If you are in the EU, and require a “Data Processing Agreement” which will allow us (The processor) rights to process and handle your collected data. You can find the DPA under your account settings pre-signed by us. We will store your name, time of signing and IP address to verify you signed the DPA.
  • You should update your own Terms of Use to be GDPR-compliant, where you explain what data you collect, what you use it for, and who has access to it etc.