GDPR

Last updated: 23 May 2026

Mailotte was built so that data protection is the default, not an afterthought. This statement summarises how MAILOTTE LTD complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018, and how you can exercise your rights. It complements our Privacy Policy.

1. Data Controller

  • MAILOTTE LTD
  • Registered in England and Wales, company number 17119010
  • Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Data protection contact: privacy@mailotte.com

2. Lawful Bases for Processing

We process your personal data only where we have a lawful basis under Article 6 of the GDPR:

  • Performance of a contract: to create and operate your account and to send, receive, and store your email.
  • Legitimate interests: to keep the service secure, prevent spam and abuse, and diagnose errors — balanced against your rights.
  • Legal obligation: to retain billing and tax records and to respond to lawful requests from authorities.
  • Consent: for optional features you switch on yourself, such as browser push notifications. You can withdraw consent at any time.

3. Your Rights

Under the UK GDPR and EU GDPR you have the right to access, rectify, erase, restrict, and port your data, to object to processing based on legitimate interests, to withdraw consent, and not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. We respond within one month, free of charge unless a request is manifestly unfounded or excessive.

4. Exercising Your Rights

You can exercise most rights directly from your account:

  • Export your data: request a complete export containing your profile and settings, every message in standard .eml (RFC 5322) format, your contacts, and your activity log.
  • Delete your account: request deletion, which (after a short grace period during which you can cancel) permanently removes your messages and attachments from storage, your account and related records from our database, and your mailbox from the mail server.

For any other request, contact privacy@mailotte.com.

5. Data We Process & Retention

  • Account data and mailbox content — for the life of your account
  • Security audit logs and login history — 90 days
  • Mail delivery events — 30 days
  • Items in Trash — 30 days, then permanently deleted
  • Billing records — as required by UK tax and accounting law

6. Where Your Data Is Stored

Your mailboxes, attachments, and account data are stored exclusively on servers located in the European Union (Germany). MAILOTTE LTD is a UK company, so limited personal data (such as account and billing identifiers) may be accessed from the United Kingdom; UK–EU transfers are covered by the mutual adequacy decisions in force between the UK and the EU. Where a subprocessor processes data outside the UK and EEA (for example, our payment processor’s US affiliates), the transfer is protected by Standard Contractual Clauses and the UK International Data Transfer Addendum under Article 46. Stored email content is never transferred outside the EEA.

7. Security & Breach Notification

We encrypt data in transit and at rest, enforce strict access controls, support two-factor authentication, and block email tracking pixels by default. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay, as required by Articles 33 and 34 of the GDPR.

8. Automated Processing & AI

Mailotte’s optional AI features (such as summaries and draft assistance) run on a local large-language model hosted on our own EU servers, with an EU-resident fallback provider where necessary. We do not use your private email content to train machine-learning models, and we do not send it to US-based AI providers. These features assist you and do not make decisions that produce legal or similarly significant effects about you.

9. Complaints

We would always prefer to resolve your concern directly — please contact us first. You also have the right to lodge a complaint with a supervisory authority. Our lead authority is:

  • Information Commissioner’s Office (ICO)
  • Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
  • ico.org.uk

If you are in the European Economic Area, you may instead complain to the supervisory authority of your country of residence.

10. Contact Us

For any data protection question or to exercise your rights, contact us at privacy@mailotte.com.

Scroll to Top