GDPR Compliance

It´s important to keep data safe, but how?

What Are We Doing

Data Collection

  • We have made it possible for you (The controller), to see exactly what data is collected for a given data subject in our platform, which you can delete at any time.
  • We always collect e-mails, IP address and timestamps from all submissions regardless of method, so that you can prove consent.
  • Deleting a data subject, also deletes all data collected from them.
  • Data subjects can at all times see all data collected on them from their profile, and delete it themselfes by unsubscribing from the controllers lists.
  • We are automaticly deleting data which doesnt have a purpose anymore. This could be terminated mailforge user´s, or old analytics data.


  • Mailforge is developed with “Privacy by Design” in mind, which gives you (The controller), full access to any data related to you. That means, you can upload, view, extract and delete data as you wish by yourself.
  • Our infrastructure is set up securely in the EU, so that only a few people have access to it trough very secure encryption keys.

What Should You Do


  • You need consent from the visitor, so that you are allowed to collect their data. This can be done by adding a checkbox which the data subject can allow you to collect and store their data. The data subject have to perform an action to give consent, so the checkbox cannot be pre-checked.


  • If you are in the EU, and require a “Data Processing Agreement” which will allow us (The processor) rights to process and handle your collected data. You can find the DPA under your account settings pre-signed by us. We will store your name, time of signing and IP address to verify you signed the DPA.
  • You should update your own Terms of use to be GDPR compliant, where you explains what data your collecting, and what your using it for, who have access to it etc.