Privacy Policy
Last updated: May 2026
1. Controller
AMArexTechOwner: Ahmed Amin Maatalla
Frankfurter Str. 13
57074 Siegen, Germany
hello@getmailtask.com
2. Overview
We respect your privacy. This policy explains what personal data we collect, why, and how we protect it. We comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the German Federal Data Protection Act (BDSG).
3. Data We Collect
3.1 Account Data
- Name, email address (from Microsoft sign-in)
- Subscription tier and billing status
- Login timestamps
3.2 Email Content (Solo/Team only)
- Email subject, sender, recipients, body
- Processed in real-time via Anthropic Claude API
- Not stored long-term unless you save the resulting task
3.3 Task Data
- Tasks you create or import (title, description, status, due date)
- Stored in our database (Supabase, hosted in Frankfurt, Germany)
3.4 Technical Data
- IP address (for security purposes only, not stored long-term)
- Browser type, device type
- Service usage logs
4. Why We Process Your Data (Legal Bases)
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the Service | Contract performance (Art. 6 (1) (b)) |
| Process payments | Contract performance (Art. 6 (1) (b)) |
| Email analysis via AI | Contract performance (Art. 6(1)(b) GDPR) |
| Security and fraud prevention | Legitimate interest (Art. 6 (1) (f)) |
| Legal obligations (e.g., tax records) | Legal obligation (Art. 6 (1) (c)) |
5. Third-Party Service Providers
We use these service providers, each compliant with GDPR:
| Provider | Purpose | Location |
|---|---|---|
| Microsoft Graph API | Email + Task sync | EU/Global |
| Anthropic Claude API | AI email analysis | USA (Standard Contractual Clauses) |
| Supabase | Database hosting | Frankfurt, Germany |
| Vercel | Application hosting | USA (Standard Contractual Clauses) |
| Paddle.com Market Ltd. | Payment processing (Merchant of Record) | United Kingdom (adequacy decision) |
| JetBrains YouTrack API | Task sync (optional) | Czech Republic (EU) |
Data processing agreements (DPAs) under Art. 28 GDPR are in place with Microsoft, Anthropic, Supabase, Vercel and JetBrains. Paddle acts as Merchant of Record and is an independent controller for payment processing; in that respect, no data processor relationship exists.
6. Data Transfers Outside the EU
We transfer personal data to third countries:
- Anthropic (USA):transfer of email content for AI analysis on the basis of the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR, Module 2) pursuant to Anthropic's Data Processing Agreement.
- Vercel (USA): application hosting on the basis of the EU Standard Contractual Clauses.
- Paddle (United Kingdom):payment processing on the basis of the EU Commission's adequacy decision for the United Kingdom.
7. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Until account deletion |
| Email content | Not retained beyond processing (real-time only) |
| Tasks | Until you delete them or close your account |
| Login logs | 90 days |
| Billing records | 10 years (legal obligation) |
After account deletion, all personal data is removed within 30 days, except where legal retention is required.
8. Your Rights (GDPR)
You have the right to:
- Access your data (Art. 15)
- Correct inaccurate data (Art. 16)
- Delete your data (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time (Art. 7)
- Lodge a complaint with a supervisory authority
To exercise your rights: hello@getmailtask.com
The competent supervisory authority for us:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4, 40213 Düsseldorf, Germany
9. Your Rights (CCPA, California Residents)
If you are a California resident, you have the right to:
- Know what personal information is collected
- Know whether your information is disclosed and to whom
- Opt out of the sale of your data (we do not sell data)
- Request deletion of your data
Contact: hello@getmailtask.com
10. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking, analytics, or advertising cookies.
11. Security
We implement technical and organizational measures including:
- TLS encryption for data in transit
- AES-256 encryption for data at rest
- Limited access to data on a need-to-know basis
- Regular security audits
12. Children
The Service is not intended for users under 16. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this policy. Material changes will be communicated by email at least 30 days in advance.
14. Contact
Privacy questions: hello@getmailtask.com
AMArexTech | Owner: Ahmed Amin Maatalla | Frankfurter Str. 13, 57074 Siegen, Germany
← Back to homepage