1. Parties
This Data Processing Agreement forms part of the Terms of Service between:
- Customer (the Data Controller), and
- Email Calculator (the Data Processor).
2. Purpose of Processing
Email Calculator processes data solely to provide email analytics, reporting, and performance insights as requested by the Customer.
Processing is limited to operating and improving the service.
3. Nature of Data Processed
Depending on integrations enabled, processing may include:
- Account information (email address, display name, profile settings)
- Email campaign performance metrics (opens, clicks, bounces, conversions)
- Aggregated engagement statistics and analytics data
- ROI and revenue data from connected e-commerce platforms
- Lead generation data from connected forms and landing pages
- API credentials (stored encrypted)
- Report configurations and scheduled report preferences
- AI chat history and interactions (when using AI Assistant)
- Payment and billing information (processed by Stripe)
- Technical usage data (page views, feature usage, device information)
- Workspace configuration data — workspace names, settings, and membership records
- Team invitation data — email addresses and roles of invited team members
Email Calculator does not intentionally process subscriber contact lists or personal email content unless provided via connected integrations. The service connects to 50+ platforms including email marketing, e-commerce, and lead generation platforms.
4. Categories of Data Subjects
Data subjects whose data may be processed include:
- Customer account holders and authorized users
- Recipients of scheduled email reports
- Data derived from email campaign recipients (aggregated metrics only)
- Team members invited to workspaces (Agency plan)
- Invited collaborators whose email addresses are stored during the invitation process
5. Duration of Processing
Data will be processed for the duration of the service agreement and as long as the Customer maintains an active account. Upon account deletion or service termination, data will be deleted in accordance with Section 8 (Data Retention & Deletion).
6. Processor Obligations
Email Calculator agrees to:
- Process personal data only on documented instructions from the Customer
- Maintain appropriate technical and organisational security measures
- Ensure that persons authorized to process personal data are committed to confidentiality
- Assist the Customer in responding to data subject requests (access, rectification, erasure, restriction, portability)
- Assist the Customer in ensuring compliance with data security obligations
- Notify the Customer without undue delay (within 72 hours where possible) after becoming aware of a personal data breach
- Delete or return all personal data to the Customer upon termination of services (where technically feasible)
- Make available all information necessary to demonstrate compliance with this Agreement
7. Customer Obligations
As Data Controller, the Customer agrees to:
- Ensure it has a lawful basis for processing under applicable data protection laws
- Provide clear privacy notices to data subjects as required
- Ensure any instructions provided to Email Calculator comply with applicable laws
- Implement appropriate technical and organisational measures for data provided to the service
- Obtain necessary consents or authorizations for data shared through integrations
8. Sub-Processors
Email Calculator may use the following trusted third-party sub-processors to operate the service:
- Supabase - Authentication and database hosting
- Stripe - Payment processing
- OpenAI - AI-powered features (when Customer provides API key)
- Cloud hosting providers - Infrastructure and content delivery
- Analytics providers - Usage analytics and service improvement
- Email delivery services - Scheduled report delivery
Email Calculator will notify Customers of any intended changes to sub-processors, giving them the opportunity to object. A current and complete list of sub-processors is available upon request at contact@emailcalculator.com.
All sub-processors are bound by contractual obligations to maintain appropriate security measures and process data only as instructed.
9. Security Measures
Email Calculator implements appropriate technical and organisational security measures including:
- Data encryption in transit using HTTPS/TLS protocols
- Data encryption at rest for sensitive information (including API credentials)
- Secure authentication mechanisms and access controls
- Role-based access control (RBAC) for administrative functions
- Regular security updates and vulnerability assessments
- Secure infrastructure provided by reputable cloud service providers
- Logical separation of customer data
- Backup and disaster recovery procedures
- Security monitoring and logging
Security measures are regularly reviewed and updated to address evolving threats and maintain compliance with industry standards.
10. Data Subject Rights
Email Calculator will assist the Customer in fulfilling data subject requests, including:
- Right of access - Customers can access their data through the dashboard at any time
- Right to rectification - Customers can update their information via account settings
- Right to erasure - Customers can request account and data deletion
- Right to restriction - Customers can restrict processing by discontinuing integrations
- Right to data portability - Export features available in multiple formats (PDF, Word, PowerPoint, HTML, text)
- Right to object - Customers can object to processing by terminating the service
For data subject requests that require Email Calculator's assistance, contact contact@emailcalculator.com. We will respond within the timeframes required by applicable law (typically within 30 days).
11. Data Breach Notification
In the event of a personal data breach, Email Calculator will:
- Notify the Customer without undue delay, and where feasible within 72 hours of becoming aware of the breach
- Provide details of the nature of the breach, categories and approximate number of data subjects affected, and likely consequences
- Describe measures taken or proposed to address the breach and mitigate its possible adverse effects
- Provide contact details for further information
- Cooperate with the Customer in any investigation or notification to supervisory authorities or data subjects as required by law
12. Data Retention & Deletion
Customer data is retained only as long as necessary to provide the service or comply with legal obligations.
Retention periods:
- Active account data - Retained while account is active
- Report data and analytics - Retained while account is active or as configured by Customer
- Workspace and team data - Retained while the workspace exists and the owning account is active; deleted within 30 days of workspace or account deletion
- Team invitation records - Retained for audit purposes; removed upon account deletion
- Billing records - Retained for tax and legal compliance (typically 7 years)
- API credentials - Deleted immediately upon disconnection or account deletion
- Backup data - Automatically purged within 90 days of deletion
Customers may request deletion of their data at any time via account settings or by contacting contact@emailcalculator.com. Upon request, data will be deleted within 30 days, except where retention is required by law.
13. International Transfers
Where personal data is transferred outside the UK or European Economic Area (EEA), Email Calculator ensures appropriate safeguards are in place, including:
- Use of sub-processors that provide adequate protection under applicable data protection laws
- Standard Contractual Clauses (SCCs) approved by the European Commission where applicable
- Transfers to countries with adequacy decisions from the European Commission or UK Government
- Additional security measures to protect data in transit and at rest
Details of specific transfer mechanisms for each sub-processor are available upon request.
14. Audit Rights
Email Calculator will make available to the Customer, upon reasonable written request and subject to confidentiality obligations:
- Information necessary to demonstrate compliance with this Agreement
- Documentation of security measures and certifications
- Results of independent third-party security audits or certifications (subject to confidentiality restrictions)
Audit requests should be submitted to contact@emailcalculator.com with reasonable notice (typically 30 days). Any on-site audits must be conducted during business hours with minimal disruption to operations, and costs may be borne by the requesting party.
15. Termination
Upon termination of the service agreement:
- Customer may export all data using available export features before termination
- Email Calculator will delete or return all personal data within 30 days of termination (except where retention is required by law)
- Customers will receive confirmation of data deletion upon request
- Backup copies will be deleted in accordance with standard backup retention policies (within 90 days)
This Agreement remains in effect for as long as Email Calculator processes personal data on behalf of the Customer.
16. Liability and Indemnification
Each party's liability under this Agreement is subject to the limitations and exclusions set out in the Terms of Service.
The Customer acknowledges that Email Calculator is not liable for:
- Data processing activities carried out by the Customer or third-party integrations
- Compliance failures resulting from the Customer's instructions
- Security of data transmitted through third-party services (e.g., OpenAI, email marketing platforms)
- The Customer's failure to maintain appropriate security of their account credentials
17. Governing Law
This Agreement is governed by the same law as specified in the Terms of Service and shall be interpreted in accordance with applicable data protection legislation, including the UK GDPR and Data Protection Act 2018.