Legal
GDPR Compliance
Your data privacy is fundamental to everything we build. WarmupSleuth is fully compliant with the EU General Data Protection Regulation.
Last updated: March 2026
Our Commitment
WarmupSleuth is committed to protecting the privacy and security of your personal data. As a data controller and processor, we adhere to the principles of the General Data Protection Regulation (EU) 2016/679, ensuring lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality in all data processing activities.
All email credentials are encrypted with AES-256-GCM, passwords are hashed with Argon2id, and all production traffic is served over TLS 1.3.
Data We Process
We only collect data necessary to deliver our email warmup service.
| Data Type | Details | Lawful Basis |
|---|---|---|
| Account Information | Name, email, organization | Contract Performance |
| Email Credentials | IMAP/SMTP passwords (AES-256-GCM encrypted) | Contract Performance |
| Usage Data | Login history, feature usage, IP addresses | Legitimate Interest |
| Warmup Analytics | Delivery rates, reputation scores, engagement metrics | Contract Performance |
| Billing Information | Processed via Stripe (we never store card numbers) | Contract Performance |
| Cookies & Tracking | Session cookies, analytics (with consent) | Consent |
Your Rights
Right of Access
Request a copy of all personal data we hold about you, including warmup analytics and account details.
Right to Rectification
Correct any inaccurate or incomplete personal data. Update your profile at any time from account settings.
Right to Erasure
Request deletion of your personal data. All data is purged within 30 days of account deletion, including encrypted credentials.
Right to Data Portability
Receive your data in a structured, machine-readable format (JSON/CSV) that you can transfer to another service.
Right to Restriction
Request that we limit the processing of your data while a dispute or verification is resolved.
Right to Object
Object to processing based on legitimate interest, including profiling and direct marketing communications.
Data Protection Officer
For privacy inquiries, data subject requests, or GDPR concerns:
dpo@warmupsleuth.com
We respond within 30 days as required by GDPR Article 12.
Data Processing & Retention
We process personal data exclusively for the purposes of providing the WarmupSleuth email warmup service, improving platform performance, ensuring security, and complying with legal obligations.
Retention Policy
- Active accounts: Data is stored for the duration of your account.
- After deletion: All personal data is permanently purged within 30 days.
- Encrypted credentials: Immediately destroyed upon mailbox removal or account deletion.
- Audit logs: Retained for 12 months for security compliance, then anonymized.
International Transfers
Where data is transferred outside the EEA, we ensure protection through Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions. All sub-processors are contractually bound to GDPR-equivalent protections.
Breach Notification
In the event of a personal data breach, we notify the relevant supervisory authority within 72 hours (GDPR Article 33), inform affected data subjects without undue delay if high risk exists, and document all breaches in our internal register.
Sub-Processors
We engage the following sub-processors to deliver our services. Each is bound by data processing agreements ensuring GDPR compliance.
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure & hosting | EU (Frankfurt) |
| Stripe | Payment processing | USA (EU SCCs) |
| OpenAI | AI email generation | USA (EU SCCs) |
| Redis Labs | Caching & job queues | EU |
| Hetzner | Server infrastructure | EU (Germany) |
Cookie Policy
WarmupSleuth uses cookies strictly necessary for the operation of the platform (session management, authentication) and, with your explicit consent, analytics cookies to improve our service.
Essential
Authentication, session, CSRF protection
Consent: Not required
Functional
Language preferences, UI settings
Consent: Not required
Analytics
Usage patterns, page views
Consent: Required
How to Exercise Your Rights
To exercise any of your data subject rights, you may:
- Email our Data Protection Officer at dpo@warmupsleuth.com
- Use the data export and deletion features in your account settings
- Submit a request via our contact form at warmupsleuth.com/contact
We will verify your identity before processing any request and respond within 30 days. If we need additional time (up to 60 more days for complex requests), we will inform you within the initial 30-day period.
Supervisory Authority
If you believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local EU/EEA supervisory authority. A list of supervisory authorities is available on the European Data Protection Board website.