
DATA PROCESSING AGREEMENT (DPA)

Effective Date: 31st Oct 2025
Applies to: Users of Millionaire.email

 

1. Introduction

This Data Processing Agreement (“DPA”) explains how Millionaire.email (“we”, “our”, “us”) processes and protects personal data on behalf of users (“you”, “Controller”) in accordance with the General Data Protection Regulation (GDPR).

This DPA forms part of our Terms of Service and applies whenever we process personal data for you through our services.

Millionaire.email acts as the Data Processor.
You (the customer) act as the Data Controller.

 

2. Roles and Responsibilities

Controller (You)

  • You decide what personal data is stored and how it is used.

  • You are responsible for the lawfulness of the data you collect.

  • You must provide instructions to us when needed.

Processor (Millionaire.email)

We process data:

  • Only on your behalf

  • Only according to your instructions

  • Never for our own purposes

We do not access or use your data unless required for security, maintenance, or by law.

 

3. Purpose of Processing

We process personal data only to provide and improve email hosting services, including:

  • Email sending and receiving

  • Account creation and authentication

  • Security monitoring

  • Troubleshooting & support

  • Backup and storage

We do not sell, share, or use your data for advertising.

 

4. Categories of Data Processed

Depending on how you use our services, we may process:

  • Email content and metadata

  • Account information

  • Authentication data

  • IP addresses

  • Billing information

  • Usage logs (for security only)

We do not intentionally process special categories of data unless you store them yourself.

 

5. Sub-Processors

To deliver our services, we rely on trusted infrastructure partners such as:

  • Contabo GmbH – server hosting & data center infrastructure
    (Your uploaded Contabo DPA applies here.)

We ensure all sub-processors:

  • Comply with GDPR

  • Follow strict security requirements

  • Only process data to deliver their service

You will be notified if new sub-processors are added.

 

6. International Data Transfers

Your data may be stored in the EU or other locations depending on your selected server region.

All international transfers follow GDPR rules, including:

  • Standard Contractual Clauses (SCCs)

  • Adequate protection level assessments

 

7. Security Measures

We implement industry-standard technical and organizational measures, including:

  • TLS 1.3 encrypted data transmission

  • Encrypted server-to-server communication

  • Strong password enforcement

  • 2-factor authentication

  • Network isolation & firewall controls

  • Regular security audits

  • DDoS protection

  • Access logging and monitoring

  • Backup and disaster recovery systems

  • Strict employee confidentiality

We continuously update and improve our security posture.

 

8. Data Breach Notification

If we become aware of a personal data breach, we will:

  1. Notify you without undue delay

  2. Provide all available details

  3. Assist you with legal reporting obligations

  4. Mitigate the effects as quickly as possible

 

9. Data Subject Requests

If your users request access, deletion, or correction of their data:

  • You are responsible for responding as the Controller

  • We will assist you if the request involves data we process on your behalf

 

10. Return or Deletion of Data

When your account is closed or upon request:

  • All personal data is securely deleted from our systems

  • Backups are also erased according to our retention schedule

  • No data is retained beyond what is legally required

 

11. Audits & Compliance

You may request documentation that proves our GDPR compliance.
We will provide:

  • Security overviews

  • Audit logs

  • Sub-processor information

  • Technical and organizational measure summaries

Formal audits may be conducted under reasonable conditions.

 

12. Liability

Each party is responsible for complying with GDPR within their role.

  • You are responsible for the legality of the data you control

  • We are responsible for secure processing according to your instructions

If a breach occurs due to our failure, we accept responsibility for our part.
If a breach occurs due to your actions or misconfiguration, you assume responsibility as the Controller.

 

13. Updates to This DPA

We may update this DPA to maintain legal compliance.
You will be notified of any material changes.

 

14. Contact

For questions about this DPA or GDPR compliance:

Millionaire.email – Data Protection Office
Email: privacy@millionaire.email
Website: https://millionaire.email
