Privacy Policy
Effective 5 May 2026
1Who We Are
Mailendar (“we”, “us”) operates the Mailendar service. For GDPR purposes, we are the data controller. Contact: legal@team.mailendar.app
2What Data We Collect
- Account data: name, email address, password (hashed), timezone
- Email content: forwarded emails you send to the Service for parsing
- Usage data: event records, calendar configuration, pipeline activity logs
- Technical data: IP address (used for rate limiting, not stored long-term), authentication cookies
3Why We Process Your Data
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails | Contract |
| Rate limiting and abuse prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4AI Processing
Email content you send to the Service is processed by third-party AI providers, including OpenAI, to extract event information. This processing occurs on your instructions as part of the core Service. We do not use your content to train AI models. OpenAI’s privacy policy applies to this processing.
5Data Retention
- Account and event data: retained while your account is active, deleted immediately upon account deletion
- Email content: not stored after parsing is complete
- Logs: retained for up to 90 days or as managed by our hosting provider
6Third-Party Services
| Provider | Purpose |
|---|---|
| OpenAI | AI email parsing |
| Fly.io | Cloud hosting |
| Stripe | Payment processing |
| Postmark | Transactional email delivery |
7Your Rights (GDPR)
As an EU/EEA resident you have the right to: access, rectify, erase, restrict, or port your data, and to object to processing. To exercise these rights, email legal@team.mailendar.app. We will respond within 30 days. You may also lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
8Cookies
We use one strictly necessary cookie (access_token) for authentication. No tracking or advertising cookies are used.
9Data Transfers
Your data is processed in the United States (by OpenAI, Fly.io, Postmark, and Stripe). Transfers outside the EEA are covered by Standard Contractual Clauses or equivalent safeguards.
10Children
The Service is not directed at children under 16. We do not knowingly collect data from children.
11Changes
We will notify you by email at least 14 days before material changes to this policy.
12Contact
Privacy requests and questions: legal@team.mailendar.app