Effective date: January 1, 2026 · Controller: Cloud Server for Email OÜ, Estonia (EU) · Regulation: EU GDPR 2016/679
Cloud Server for Email OÜ is a company registered in the Republic of Estonia, providing managed email sending infrastructure services to business clients across Europe and internationally. In the context of this Privacy Policy, we act as the Data Controller for personal data collected through our website and in the course of our business operations.
For privacy-related inquiries, data subject requests, or questions about this policy, contact us at:
When you visit cloudserverforemail.com, we may collect:
In the course of providing or discussing our services, we collect:
When clients use our infrastructure to send email, we process personal data (primarily recipient email addresses) on their behalf as a Data Processor. In this role, we process data strictly according to client instructions and our Data Processing Agreement. We do not use recipient email addresses for our own purposes.
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Responding to contact form submissions | Article 6(1)(b) GDPR — Contractual | Processing necessary to respond to pre-contractual inquiries |
| Providing contracted services | Article 6(1)(b) GDPR — Contractual | Processing necessary to perform the service contract |
| Billing and invoicing | Article 6(1)(c) GDPR — Legal obligation | Necessary for VAT and accounting compliance |
| Website analytics | Article 6(1)(f) GDPR — Legitimate interests | Understanding website usage to improve our service |
| Security monitoring | Article 6(1)(f) GDPR — Legitimate interests | Protecting our systems and client data |
| Marketing communications | Article 6(1)(a) GDPR — Consent | Only where you have explicitly opted in |
We use client contact and business information to: communicate about service setup and ongoing management, provide technical support and incident response, send service notifications and infrastructure status updates, and fulfill contractual obligations including invoicing.
Technical data including IP addresses and sending configurations is used to configure, monitor, and optimize your email infrastructure. This data is also used in aggregated, anonymized form to improve our operational procedures and reference documentation.
We process access logs, IP addresses, and system activity records to detect unauthorized access, investigate security incidents, and protect the integrity of our infrastructure and client data. This processing is based on our legitimate interest in maintaining secure systems.
We retain certain data as required by applicable law, including financial records (invoices, payment records) for the period required by Estonian and EU accounting regulations, and communications relevant to contractual disputes for the applicable statute of limitations period.
| Data Category | Retention Period | Reason |
|---|---|---|
| Contact form submissions (non-converted) | 12 months | To follow up on inquiries; deleted after |
| Client contact information | Duration of contract + 5 years | Legal and contractual obligations |
| Billing and invoice records | 7 years | Estonian accounting law requirement |
| Technical logs (access, error) | 90 days | Security monitoring; deleted on rotation |
| Email infrastructure accounting logs | 90 days active, archived 2 years | Deliverability analysis and dispute resolution |
| Marketing consent records | Until withdrawal + 3 years | Evidence of consent |
We do not sell personal data to third parties under any circumstances. We share personal data with third parties only in the following limited circumstances:
All third-party data processors engaged by Cloud Server for Email are evaluated for GDPR compliance and operate under written data processing agreements that restrict them to processing data only as instructed by us.
Our primary infrastructure is located within the European Union (Estonia). Where we engage third-party services that may process data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission. We do not knowingly transfer personal data to countries that lack an adequacy decision without appropriate safeguards.
If you are located in the European Economic Area, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at infrastructure@cloudserverforemail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or the supervisory authority in your EU member state of residence.
Our website uses limited technical cookies necessary for website functionality (session management, security tokens). We do not use third-party advertising tracking cookies. Where we use analytics tools to understand website usage patterns, these are configured to anonymize IP addresses and avoid cross-site tracking.
You can disable cookies through your browser settings. This may affect website functionality but will not prevent you from accessing our content.
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures include encrypted communications (TLS/HTTPS for all web traffic, encrypted email for sensitive communications), access controls limiting data access to personnel who require it for their role, regular security assessments of our infrastructure, and incident response procedures for data breach detection and notification.
In the event of a personal data breach that is likely to result in risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected individuals without undue delay where required by GDPR Article 34.
We may update this Privacy Policy to reflect changes in our data processing practices, legal requirements, or service offerings. Material changes will be communicated by posting a notice on our website with the updated effective date. We encourage you to review this policy periodically.
For any questions, concerns, or to exercise your data protection rights, contact our privacy team at infrastructure@cloudserverforemail.com. If you are unsatisfied with our response, you have the right to complain to the Estonian Data Protection Inspectorate at aki.ee.
Cloud Server for Email does not use automated decision-making or profiling processes that produce legal or similarly significant effects on individuals in the course of our normal service operations. Technical monitoring systems that automatically alert us to infrastructure events are not decision-making systems affecting individuals — they monitor technical performance metrics, not personal data.
If Cloud Server for Email were to implement any form of automated decision-making that affects service provision to clients or individuals, we would provide appropriate information under GDPR Article 22 and ensure the safeguards required by that provision are in place.
This Privacy Policy is available in English. We will make reasonable efforts to provide translations or summaries in other languages upon request if necessary for accessibility. For the avoidance of doubt, the English version is the authoritative version in case of any discrepancy. This policy is available at cloudserverforemail.com/privacy-policy.html and is linked from our website footer.
This Privacy Policy is written in plain English and is intended to be understood by individuals without legal training. Where technical or legal terms are used, we have endeavored to explain them in context. If any aspect of this policy is unclear, contact us at infrastructure@cloudserverforemail.com for clarification. We prefer transparency over legal complexity.
Last updated: January 2026
