GDPR & Data Protection
Your privacy matters to us. This page explains how ProEmails processes and protects your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK Data Protection Act 2018.
Last updated: March 28, 2026
1. Data Controller
The data controller responsible for your personal data is:
ProEmails
9 Orchard Road
Stevenage
Hertfordshire, SG1 3HD
United Kingdom
Data Protection Officer (DPO):
Email: dpo@proemails.uk
2. Personal Data We Collect
We collect and process the following categories of personal data:
Account Data
- Name and surname
- Email address
- Account credentials (stored using industry-standard hashing; we cannot view your password)
- Billing information (processed by our payment provider; we do not store full card details)
- IP address and access timestamps (for security and abuse prevention)
Email Data
- Email content, attachments, headers, and metadata stored in your ProEmails mailbox
- Address book / contact lists
- Calendar data (if applicable to your plan)
Technical Data
- IP addresses used to access the service
- Device type, browser, and operating system
- Access logs for security monitoring and abuse prevention
We do not collect sensitive personal data as defined under Article 9 GDPR (e.g., racial origin, political opinions, health data) unless such data is contained within your email communications, in which case it is processed solely for the purpose of providing email services.
3. Legal Basis for Processing
We process your personal data under the following legal bases as set out in Article 6(1) GDPR:
Performance of a Contract (Art. 6(1)(b))
Processing is necessary to provide the email services you have subscribed to, including account creation, email delivery, storage, and support.
Legitimate Interests (Art. 6(1)(f))
We process certain data for our legitimate interests, including: fraud and abuse prevention, network security, service improvement, and ensuring availability of our infrastructure. These interests are balanced against your rights and freedoms.
Legal Obligation (Art. 6(1)(c))
Where required to comply with applicable laws, court orders, or lawful requests from competent authorities.
Consent (Art. 6(1)(a))
Where we rely on your consent (e.g., for marketing communications), you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
4. How We Use Your Data
- To provide, maintain, and improve our email hosting services
- To send, receive, store, and deliver emails on your behalf
- To provide customer support and respond to enquiries
- To process payments and manage subscriptions
- To detect, prevent, and address spam, phishing, malware, and abuse
- To ensure the security, integrity, and availability of our infrastructure
- To comply with legal obligations and respond to lawful requests
5. AI & Automated Processing
ProEmails uses artificial intelligence ("AI") technology for the following automated processing purposes:
AI Spam Filtering
Our AI-powered spam filtering system analyses incoming emails to identify and filter spam, phishing attempts, and malware. This processing is performed exclusively on our own servers located within the European Union. No email data is transmitted to, processed by, or stored on any third-party AI service, external API, or server outside our EU infrastructure.
Key Safeguards
- All AI processing occurs solely on ProEmails-owned servers within the EU
- No email data is shared with, transmitted to, or accessible by any third-party AI provider
- AI systems operate under strict access controls; no human operator reviews email content
- The AI system processes data in real-time and does not retain email content beyond the duration of the filtering operation
- You may contact our DPO to request information about the logic involved in automated decision-making (Article 15(1)(h) GDPR)
Under Article 22 GDPR, you have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects on you. The AI spam filtering performed by ProEmails does not produce legal effects. If you believe a legitimate email has been incorrectly filtered, you can review your spam folder at any time or contact support.
6. Email Confidentiality
Our Commitment to Email Privacy
- No human access: No ProEmails employee, contractor, or agent has access to your email content, attachments, or metadata.
- No reading of emails: ProEmails does not read, scan, or manually review the content of your emails for any purpose other than automated spam and malware filtering as described in Section 5.
- No profiling from email content: We do not use the content of your emails for advertising, profiling, marketing, or any purpose unrelated to the provision of email services.
- No selling of data: We do not sell, rent, lease, or trade your email data or personal data to any third party.
Access to email infrastructure (servers, storage systems) is restricted to automated systems required for service delivery. In the rare event that manual server maintenance is required, technical measures ensure that email content is not accessible to personnel performing such maintenance. Any unauthorised access to customer email content would constitute a breach of this policy and applicable law.
7. Data Storage & Security
All personal data, including email content, account information, and metadata, is stored on servers located within the European Union.
Technical & Organisational Measures
In accordance with Article 32 GDPR, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Encryption in Transit
All connections to our servers use TLS/SSL encryption.
Encryption at Rest
Email data is encrypted on disk using AES-256 or equivalent.
End-to-End Encryption
OpenPGP / GnuPG support available on all plans.
Access Controls
Strict role-based access with multi-factor authentication for staff.
Network Security
Firewalls, intrusion detection, and continuous monitoring.
Physical Security
EU data centres with controlled physical access, 24/7 monitoring.
8. International Data Transfers
No transfers outside the EU/EEA. All personal data and email data is stored and processed exclusively on servers located within the European Union. We do not transfer your personal data to countries outside the EU/EEA.
In the event that a future change to our infrastructure requires a transfer of personal data outside the EU/EEA, we will ensure that appropriate safeguards are in place in accordance with Chapter V GDPR (e.g., Standard Contractual Clauses approved by the European Commission, adequacy decisions, or binding corporate rules) and will update this policy accordingly. You will be notified of any such change.
9. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.
Active Accounts
Data is retained for the duration of your account and subscription period.
Account Deletion
Upon account deletion, all personal data, email content, attachments, metadata, and associated data are immediately and permanently deleted from our active systems and backups. We do not retain any copies of your data following account deletion.
Legal Retention Obligations
Where we are required to retain certain data by law (e.g., billing records for tax compliance), only the minimum data required for legal compliance will be retained, and only for the legally mandated period.
10. Third Parties & Processors
We engage the following categories of data processors, each bound by a Data Processing Agreement (DPA) in accordance with Article 28 GDPR:
Payment Processors
To process subscription payments. These processors do not have access to your email data.
Infrastructure & Hosting Providers
EU-based data centre providers who host our servers. All infrastructure is located within the EU.
We do not share your email content with any third party. We do not sell, rent, or trade your personal data. A full list of our sub-processors is available upon request from our DPO.
11. Your Rights Under GDPR
Under the GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, please contact our Data Protection Officer at dpo@proemails.uk.
We will respond to your request without undue delay and within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of the request.
Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to obtain access to the data and supplementary information.
Right to Rectification (Art. 16 GDPR)
You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR)
You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing in certain circumstances, such as where you contest the accuracy of the data.
Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object (Art. 21 GDPR)
You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.
Rights Related to Automated Decision-Making (Art. 22 GDPR)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects on you.
13. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (Article 33 GDPR), unless the breach is unlikely to result in a risk to your rights and freedoms.
- Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms (Article 34 GDPR).
- Document all breaches, including the facts, effects, and remedial action taken, in accordance with Article 33(5) GDPR.
14. Complaints
If you have concerns about how we handle your personal data, we encourage you to contact our Data Protection Officer first at dpo@proemails.uk so that we can address your concerns.
You also have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
UK Supervisory Authority
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
EU/EEA residents may also lodge a complaint with their local data protection authority. A list of EU supervisory authorities is available at: edpb.europa.eu
15. Changes to This Policy
We may update this GDPR & Data Protection policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Material changes will be communicated to you via email or through a prominent notice on our website prior to the change taking effect. We encourage you to review this page periodically.
Questions about your data?
Our Data Protection Officer is here to help with any questions or requests.