GDPR Compliance¶

Smailander is fully compliant with the EU General Data Protection Regulation (GDPR).

Smailander processes personal data in accordance with GDPR requirements:

Lawful Basis: Legitimate interest for security monitoring
Data Minimization: Only collect necessary data
Purpose Limitation: Use data only for intended purposes
Storage Limitation: Retain data only as long as necessary
Accuracy: Maintain accurate and up-to-date data
Integrity & Confidentiality: Secure data processing
Accountability: Demonstrate compliance measures

Data Processing¶

Data We Process¶

Email addresses (honeypots)
Email content (subject, body, attachments)
Email metadata (sender, timestamp, headers)
Threat analysis results
User account information

Legal Basis¶

Primary: Legitimate interest (Article 6(1)(f))
Alternative: Consent where applicable (Article 6(1)(a))

Your Rights¶

Under GDPR, you have right to:

1. Right to Access¶

Request a copy of your personal data.

GET /v1/users/me/data

2. Right to Rectification¶

Request correction of inaccurate data.

3. Right to Erasure¶

Request deletion of your data.

DELETE /v1/users/me

4. Right to Restrict Processing¶

Limit how we process your data.

5. Right to Data Portability¶

Receive your data in a machine-readable format.

6. Right to Object¶

Object to processing of your data.

Withdraw any consent given.

Data Retention¶

We retain data for:

Data Type	Retention Period	Legal Basis
User Accounts	Until account deletion	Contractual
Emails	365 days (default)	Legitimate interest
Email Attachments	365 days (default)	Legitimate interest
Threat Analysis	365 days	Legitimate interest
Audit Logs	2 years	Legal requirement
Analytics	365 days	Legitimate interest

Custom retention periods available for paid plans.

Data Security¶

We implement appropriate technical and organizational measures:

Encryption: AES-256 at rest, TLS 1.3 in transit
Access Controls: Role-based access control
Audit Logging: Complete audit trail
Regular Audits: Security and compliance audits
Data Breach Notification: Within 72 hours

Data Processing¶

Smailander processes all data internally within our secure infrastructure. All email processing, threat analysis, and data storage are handled by Smailander's integrated platform.

Data Subject Requests¶

Submit a Request¶

To exercise your GDPR rights:

Email: privacy@smailander.com

Include: - Your name - Your email address - The right you want to exercise - Specific details of your request

Response Time¶

We respond to requests within: - Simple Requests: 30 days - Complex Requests: Up to 60 days

Data Breaches¶

In the event of a data breach, we: 1. Detect and assess the breach 2. Notify affected individuals within 72 hours 3. Notify supervisory authorities 4. Provide details of the breach 5. Outline mitigation measures

DPO (Data Protection Officer)¶

Our Data Protection Officer:

Email: dpo@smailander.com

Compliance Certifications¶

GDPR: Fully compliant
ISO 27001: Certification in progress
SOC 2: Type II compliance planned

Resources¶

GDPR Text - Official GDPR regulation
EDPB Guidelines - European Data Protection Board

Support¶

Security - Security measures
Architecture - System architecture
Integrations - Integration guide
FAQ - Common questions
Contact - Get support

GDPR Compliance¶

GDPR Compliance Overview¶

Data Processing¶

Data We Process¶

Legal Basis¶

Your Rights¶

1. Right to Access¶

2. Right to Rectification¶

3. Right to Erasure¶

4. Right to Restrict Processing¶

5. Right to Data Portability¶

6. Right to Object¶

7. Right to Withdraw Consent¶

Data Retention¶

Data Security¶

Data Processing¶

Data Subject Requests¶

Submit a Request¶

Response Time¶

Data Breaches¶

DPO (Data Protection Officer)¶

Compliance Certifications¶

Resources¶

Support¶