Privacy Policy

Last updated: March 23, 2026

Introduction

MailOdds ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email validation service and website.

MailOdds is operated by a company registered in Amsterdam, The Netherlands (KVK 99761246), and we comply fully with the General Data Protection Regulation (GDPR/AVG) and other applicable Dutch and European data protection laws, including the Uitvoeringswet AVG (UAVG) and the Telecommunicatiewet.

MailOdds acts as a controller for your account data, billing information, product analytics, and fraud prevention. When you upload email addresses for validation, manage contact lists, send email campaigns, or use engagement tracking, MailOdds acts as a processor on your behalf. Our processing obligations as a processor are governed by our Data Processing Agreement.

By using our services, you agree to the collection and use of information in accordance with this policy.

Data We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Company name (optional)
  • Billing information (processed by our payment provider)

Providing your email address and name is necessary to create an account and use our services. If you do not provide this information, we cannot provide the service.

Email Addresses You Validate

For single email checks, addresses are processed in transit and not stored. For bulk validation jobs, email addresses and results are stored for up to 7 days to allow you to download results, then permanently deleted. You can delete job data sooner from your dashboard.

Usage Data

We automatically collect:

  • API usage statistics (number of validations, timestamps)
  • IP addresses for security and rate limiting
  • Browser type and version
  • Pages visited and time spent

How We Use Your Data

We use the information we collect to:

  • Provide and maintain our email validation service
  • Process your transactions and manage your account
  • Send you service-related communications
  • Improve our service and develop new features
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

Data Storage & Security

Your data is stored on secure servers located within the European Union (Germany). We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication for our team
  • Automated backup systems with encryption

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you promptly in case of any data breach as required by GDPR.

Data Sharing

We do not sell your personal data. We may share your information with:

  • Payment processors: To process your payments (e.g., Stripe). They have their own privacy policies.
  • Infrastructure providers: Cloud hosting services that store our data within the EU.
  • Legal authorities: When required by law or to protect our rights.

All third-party providers we work with are GDPR-compliant and have signed Data Processing Agreements (DPAs) with us. A complete list of our sub-processors is available at /legal/sub-processors.

International Transfers

Our primary infrastructure is hosted by Contabo GmbH in Germany (EU). No international transfer of personal data occurs for core service hosting.

We use the following service providers located outside the European Economic Area (EEA):

  • Stripe, Inc. (United States) for payment processing. Stripe is certified under the EU-US Data Privacy Framework (DPF).
  • Cloudflare, Inc. (United States) for bot protection (Turnstile) and DNS management. Cloudflare is certified under the EU-US Data Privacy Framework.
  • Google LLC (United States) for OAuth authentication, only if you choose to sign in with Google. Google is certified under the EU-US Data Privacy Framework.
  • GitHub, Inc. (Microsoft) (United States) for OAuth authentication, only if you choose to sign in with GitHub. GitHub/Microsoft is certified under the EU-US Data Privacy Framework.
  • Proton AG (Switzerland) for transactional email delivery. Switzerland has an EU adequacy decision; no additional transfer mechanism is required.

For all US-based transfers, we rely on the EU-US Data Privacy Framework as the primary transfer mechanism. We verify DPF certifications and maintain Standard Contractual Clauses (SCCs) as a backup mechanism, in line with EDPB recommendations.

Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to access: Request a copy of your personal data.
  • Right to rectification: Correct inaccurate personal data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restriction: Request restriction of processing your data.
  • Right to portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at privacy@mailodds.com. We will respond within 30 days as required by GDPR.

Automated Decision-Making

We use automated fraud detection scoring to protect our platform. This processing is based on our legitimate interest in platform security (Art. 6(1)(f)). No decisions with legal or similarly significant effects are made based solely on automated processing.

Fraud scores may influence account review workflows, but a human always makes the final determination on account suspension or termination.

Cookies

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for the website to function (authentication, security).
  • Analytics cookies: Help us understand how visitors use our website.

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality. For a full inventory of the cookies we use, see our Cookie Policy.

Data Retention

We retain your data for as long as necessary to provide our services:

  • Account data: Until you delete your account, plus 30 days for recovery.
  • Usage logs: 90 days for security and debugging purposes.
  • Billing records: 7 years as required by Dutch tax law (AWR Art. 52).
  • Single email checks: Not retained after validation completes.
  • Bulk job results: 7 days from completion, then auto-purged. You can delete sooner.
  • Webhook delivery records: 30 days, then auto-purged.
  • Inbound message records (bounce, complaint, reply metadata): 90 days, then auto-purged.
  • Audit logs: 2 years (required for accountability under Art. 5(2) GDPR), then auto-purged.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also send you an email notification.

Complaints & Supervisory Authorities

You have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) if you believe your data protection rights have been violated. You can reach them at autoriteitpersoonsgegevens.nl.

For complaints about commercial electronic messages (spam), the Autoriteit Consument & Markt (ACM) is the competent authority.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@mailodds.com
  • Address: Nassaukade 51 2, 1052CN Amsterdam, The Netherlands
  • KVK: 99761246

For GDPR-related inquiries, you can also contact our Data Protection Officer at dpo@mailodds.com.