Cloud Server for Email is committed to protecting the privacy of our clients and the individuals whose data flows through the infrastructure we operate. This policy explains what personal data we collect, how we use it, your rights regarding that data, and how we protect it. If you have questions not addressed here, contact us at privacy@cloudserverforemail.com.

Data We Collect and Why

Account and Contact Data. When you create an account or contact us, we collect: your name, email address, company name, billing address, and payment information. This data is used to provide our services, process payments, and communicate with you about your account. We retain this data for the duration of your account plus 7 years for billing record compliance.

Service Usage Data. We collect technical data about your use of our infrastructure: sending volumes, delivery statistics, IP usage logs, authentication event logs, and MailWizz platform activity. This data is used for service operation, billing accuracy, deliverability monitoring, and abuse prevention. Sending logs are retained for 90 days. Aggregate statistics are retained for 2 years.

Subscriber Data (Your Data). Email addresses, names, and other personal data you upload to MailWizz or transmit through our relay infrastructure are your data — we act as a data processor under your instructions. We do not access this data except as necessary to operate the infrastructure you have contracted for, and we do not use it for any other purpose. This data is retained as you configure within MailWizz, and deleted within 30 days of account termination.

Website and Analytics Data. Our website uses basic analytics to understand traffic patterns and content performance. We use privacy-respecting analytics that do not track individual users across sessions or share data with advertising networks. IP addresses in server logs are anonymised after 7 days.

How We Use Your Data

  • Service provision: Configuring and operating your infrastructure, processing sends through our relay, maintaining your MailWizz installation
  • Billing: Generating invoices, processing payments, maintaining financial records
  • Support: Responding to support requests, diagnosing technical problems, providing configuration assistance
  • Deliverability monitoring: Monitoring IP reputation, detecting abuse, responding to blacklist events and ISP complaints
  • Legal compliance: Responding to valid legal requests, maintaining records required by applicable law
  • Service communications: Notifying you of maintenance, security updates, service changes, and policy updates

We do not sell personal data. We do not use your data for advertising. We do not share your data with third parties except as described in the "Data Sharing" section below.

Data Sharing

We share personal data with third parties only in the following circumstances:

Infrastructure Operations. CSE OÜ operates its own datacenter at Tornimae 5, 2nd Floor, 10145 Tallinn, Estonia. Server hardware is owned and managed directly by CSE OÜ; no third-party datacenter operator has access to the content of your data or your subscriber lists.

Payment Processors. Payment card data is processed by our payment processor (Stripe or equivalent) and is not stored on our systems. We receive only a payment token and billing confirmation. Our payment processors are PCI-DSS compliant.

ISPs and Email Networks. Sending email through our infrastructure necessarily involves transmitting your messages to recipient ISPs (Gmail, Outlook, Yahoo, and others). These ISPs process message data according to their own privacy policies as part of email delivery.

Legal Requirements. We may disclose data when required by valid law enforcement requests, court orders, or regulatory obligations. We will notify you of such requests unless legally prohibited from doing so.

Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you and information about how it is used.

Right to Rectification

Request correction of inaccurate personal data we hold about you.

Right to Erasure

Request deletion of your personal data where we have no legitimate basis for retaining it.

Right to Portability

Receive your personal data in a structured, machine-readable format for transfer to another provider.

To exercise any of these rights, contact us at privacy@cloudserverforemail.com. We will respond within 30 days. If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national data protection authority.

Data Protection Officer: We are not required to appoint a DPO under current GDPR thresholds, but privacy enquiries are handled by our data privacy contact at privacy@cloudserverforemail.com and receive priority handling.

Data Security

We implement technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure:

  • All data transmission between clients and our infrastructure uses TLS 1.2 or higher
  • MailWizz platform access is protected by account authentication and, on request, two-factor authentication
  • Server infrastructure runs in our physically secured datacenter in Tallinn, Estonia, with access logging
  • Administrative access to production systems is restricted to named personnel with documented justification
  • Security patches are applied within 72 hours of release for critical vulnerabilities

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

Last updated: April 2026. This policy may be updated periodically. Material changes will be communicated by email to account holders with at least 14 days notice before the changes take effect.

Frequently Asked Questions

Do you share my subscriber list with anyone?

No. Your subscriber lists and the personal data they contain are your data. We act as a data processor under your instructions. We do not access, sell, or share your subscriber data with any third party. The only processing we perform is the operational processing required to deliver your email through our infrastructure.

Are you GDPR compliant?

Yes. CSE OÜ operates from its own datacenter at Tornimae 5, Tallinn, Estonia, implements appropriate technical and organisational security measures, provide data subject rights support, and can execute a Data Processing Agreement (DPA) as required for organisations processing EU resident data. Contact us for a DPA.

How long do you retain email sending logs?

Detailed delivery logs (per-message delivery records) are retained for 90 days. Aggregate statistics (volume, delivery rates, bounce rates) are retained for 24 months for trend analysis. On account termination, all subscriber data is deleted within 30 days.

Can I get a Data Processing Agreement?

Yes. A DPA is available on request for organisations processing personal data of EU residents. Contact privacy@cloudserverforemail.com to request the DPA. Execution of the DPA is recommended before beginning any processing of EU resident data through our infrastructure.

Questions About Privacy or Data Processing?

Contact our privacy team directly for questions about data processing, GDPR compliance, DPAs, or data residency requirements.

Contact Privacy Team →

PowerMTA + MailWizz

Dedicated infrastructure. Managed operations. Full deliverability control. Starting at €490/month.

View Plans