EU GDPR Policy

EU flag

Privacy protection is paramount to us

Privacy policy

When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to give you choices about controlling it. We understand that there are particular concerns from companies in the EU about how we use and protect your data, so we put this page together as a guide to answer some of the most common concerns you may have.

Security and Privacy

Gayatri Hitech's primary data and servers are hosted at Hetzner's data center (located in Helsinki) . We currently don't have plans to add servers in the EU (GDPR does not require physical servers in the EU).

Hetzner details

We provide multiple levels of backups and redundancy to ensure uptime and peace of mind. Data transferred from our customers to our servers is encrypted via SSL that is configured to meet or exceed all industry standards.

Data retention

Gayatri Hitech collects and retains content and metadata for all emails for 30 days to give customers the ability to access their full message history during that time.

What is GDPR?

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It came into effect on May 25, 2018.

Why is GDPR important?

GDPR adds some new requirements regarding how companies should protect individuals' data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breaches.

What has Gayatri Hitech done to comply with GDPR?

As guidance about specific aspects of GDPR continues to be published, we will also continue our efforts to fine-tune and improve our compliance.

We have addressed cross border data transfers

Like the Data Protection Directive that preceded it, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions, we have worked with legal counsel to create a standard Data Processing Addendum (DPA), which meets with GDPR requirements for agreements between Data Controllers (you) and Data Processors (us).

Does GDPR require that my information be stored in the EU?

No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU.

How do you manage access to my information (DSR requests)?

As of now, our intention is to service DSR requests (such as delete and export) manually. If you have an account with us, you may access, correct, or request that we delete your personal data by contacting us at support@spamcheetah.com.

This request can include personal data of other individuals, like your employees or customers that you have provided to us and who have requested this of you. We will respond to these requests within 14 days or less, which is well within the GDPR requirement of 30 days.

We are here for you

We are happy to answer any questions and address any concerns regarding how we protect your personal data in general, as well as specifically under GDPR. If you have any questions, please don't hesitate to contact us at privacy@spamcheetah.com.