Privacy Policy

Your privacy and data security are our top priorities. Learn how we protect your information and maintain compliance with international standards including GDPR and ISO 27001:2022.

Last Updated: December 6, 2025

1. Introduction

TrustedSender ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email infrastructure services, including our website, API, and related services.

We are committed to compliance with:

  • General Data Protection Regulation (GDPR)
  • ISO 27001:2022 Information Security Management Standards
  • Industry best practices for data protection

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Account Information: Name, email address, company name, phone number
  • Billing Information: Payment card details, billing address, tax information
  • Technical Information: IP address, browser type, device information, usage data
  • Communication Data: Support tickets, feedback, and correspondence

2.2 Email Data

As an email infrastructure provider, we process email data including:

  • Email addresses (sender and recipient)
  • Email content and attachments (when required for delivery)
  • Delivery status and analytics
  • Bounce and complaint information

2.3 Automatically Collected Information

We automatically collect certain information when you use our services:

  • Log files and system events
  • Performance metrics and error reports
  • API usage statistics
  • Security event logs

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Providing and maintaining our email infrastructure services
  • Processing transactions and managing billing
  • Delivering emails and managing delivery infrastructure
  • Providing customer support and technical assistance

3.2 Security and Compliance

  • Implementing and maintaining security measures
  • Detecting and preventing fraud, abuse, and security threats
  • Complying with legal obligations and industry standards
  • Conducting security audits and assessments

3.3 Service Improvement

  • Analyzing usage patterns to improve our services
  • Developing new features and functionality
  • Providing personalized experiences and recommendations
  • Conducting research and development

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

4.1 Contract Performance

Processing is necessary for the performance of our service agreement with you.

4.2 Legitimate Interests

Processing is necessary for our legitimate interests in providing secure, reliable email services.

4.3 Legal Obligations

Processing is necessary to comply with legal obligations and regulatory requirements.

4.4 Consent

Where required, we obtain your explicit consent for specific processing activities.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Service Providers

  • Cloud infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Analytics and monitoring services
  • Customer support platforms

5.2 Legal Requirements

  • Compliance with applicable laws and regulations
  • Response to legal requests and court orders
  • Protection of our rights and property
  • Emergency situations requiring disclosure

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

6. Data Security

We implement comprehensive security measures to protect your information:

6.1 Technical Safeguards

  • End-to-end encryption for data in transit and at rest
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems

6.2 Organizational Measures

  • Employee training on data protection and security
  • Access controls and role-based permissions
  • Incident response and breach notification procedures
  • Regular security assessments and updates

6.3 ISO 27001:2022 Compliance

Our information security management system is certified to ISO 27001:2022 standards, ensuring:

  • Systematic approach to managing sensitive information
  • Risk assessment and treatment procedures
  • Continuous improvement of security practices
  • Regular audits and compliance monitoring

7. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy:

7.1 Account Data

  • Active account information: Duration of account plus 7 years
  • Billing records: 7 years for tax and legal compliance
  • Support communications: 3 years after resolution

7.2 Email Data

  • Delivery logs: 90 days for operational purposes
  • Analytics data: 2 years for service improvement
  • Bounce and complaint data: 1 year for compliance

7.3 Deletion Process

Upon request or account closure, we securely delete your data within 30 days, with complete removal from all systems within 90 days.

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

8.1 Access and Portability

  • Right to access your personal data
  • Right to receive your data in a portable format
  • Right to know how your data is processed

8.2 Rectification and Erasure

  • Right to correct inaccurate data
  • Right to delete your data ("right to be forgotten")
  • Right to restrict processing

8.3 Objection and Withdrawal

  • Right to object to processing
  • Right to withdraw consent
  • Right to data portability

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence:

9.1 Transfer Safeguards

  • Standard Contractual Clauses (SCCs) for EU transfers
  • Adequacy decisions for approved countries
  • Binding corporate rules for intra-group transfers
  • Additional technical and organizational measures

9.2 Data Localization

We offer data localization options for customers with specific requirements, ensuring data remains within preferred geographic regions.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

10.1 Essential Cookies

  • Authentication and session management
  • Security and fraud prevention
  • Basic website functionality

10.2 Analytics and Performance

  • Website usage analytics
  • Performance monitoring and optimization
  • User experience improvements

10.3 Marketing and Personalization

  • Personalized content and recommendations
  • Marketing campaign effectiveness
  • Cross-platform user experience

11. Third-Party Services

Our services may integrate with third-party platforms and services:

11.1 Integration Partners

  • CRM and marketing automation platforms
  • E-commerce and payment systems
  • Analytics and reporting tools
  • Customer support platforms

11.2 Data Processing Agreements

All third-party integrations are governed by Data Processing Agreements (DPAs) ensuring compliance with data protection requirements.

12. Children's Privacy

Our services are not intended for children under 16 years of age:

12.1 Age Restrictions

  • We do not knowingly collect data from children under 16
  • Parental consent required for users under 18
  • Immediate deletion of any discovered child data

13. Contact Information

For questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer:

Email: privacy@trustedsender.co

Address: Your Business Address

General Inquiries:

Email: support@trustedsender.co

Phone: +1 (555) 123-4567

We will respond to your inquiry within 30 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time:

14.1 Notification Process

  • Email notification for significant changes
  • Website banner for policy updates
  • 30-day advance notice for material changes

14.2 Version Control

All policy versions are archived and accessible upon request. The effective date is clearly displayed at the top of this policy.

15. Compliance and Certifications

We maintain several certifications and compliance frameworks:

15.1 ISO 27001:2022

  • Information Security Management System certification
  • Regular audits and continuous improvement
  • Risk-based approach to security management

15.2 GDPR Compliance

  • Full compliance with EU data protection regulations
  • Regular privacy impact assessments
  • Data protection by design and default

15.3 Additional Standards

  • SOC 2 Type II compliance
  • CCPA compliance for California residents
  • Industry-specific security standards
