127 people signed up today·Lifetime plans from $129 — limited spotsClaim Your Spot →
MailerSpark

GDPR Compliance

Last updated: April 2026

MailerSpark, operated by Trackepay Fintech, is committed to complying with the European Union's General Data Protection Regulation (GDPR). This page outlines how we protect the personal data of individuals in the European Economic Area (EEA) and the rights available to data subjects under the GDPR.

1. Our Commitment

We take data protection seriously and have implemented comprehensive measures to ensure GDPR compliance across our platform:

  • Privacy by Design: Data protection is built into every aspect of our platform, from product development to data processing operations.
  • Data Minimization: We only collect and process personal data that is necessary for the specific purposes outlined in our Privacy Policy.
  • Transparency: We provide clear and accessible information about how personal data is collected, used, and shared.
  • Security: We employ industry-standard security measures including encryption, access controls, and regular security audits to protect personal data.
  • Accountability: We maintain detailed records of our data processing activities and conduct regular compliance reviews.

2. Data Processing

MailerSpark acts as both a data controller and a data processor, depending on the context:

  • As a Data Controller: We determine the purposes and means of processing personal data related to our customers (account information, billing data, and usage analytics).
  • As a Data Processor: When our customers use MailerSpark to manage their email subscriber lists and send campaigns, we process personal data on their behalf according to their instructions.

We process personal data based on the following lawful bases under Article 6 of the GDPR:

  • Contractual Necessity: Processing required to perform our contractual obligations to you.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our services and preventing fraud.
  • Consent: Processing based on your explicit consent, which you may withdraw at any time.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

We offer a Data Processing Agreement (DPA) to all customers who require one. Please contact us to request a copy.

3. Your Rights Under the GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is being processed.
  • Right to Rectification (Article 16): You have the right to request the correction of inaccurate personal data or the completion of incomplete data.
  • Right to Erasure (Article 17): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to Restrict Processing (Article 18): You have the right to request the restriction of processing of your personal data under certain conditions.
  • Right to Object (Article 21): You have the right to object to the processing of your personal data for direct marketing purposes or processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact our Data Protection Officer using the details below. We will respond to your request within 30 days as required by the GDPR.

4. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. You can contact our DPO for any data protection-related inquiries:

You also have the right to lodge a complaint with a supervisory authority in your country of residence if you believe that our processing of your personal data violates the GDPR.

5. International Data Transfers

As a global platform, we may transfer personal data outside of the EEA. When we do, we ensure that appropriate safeguards are in place to protect your data in accordance with the GDPR:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses when transferring personal data to countries that have not received an adequacy decision from the European Commission.
  • Adequacy Decisions: Where possible, we transfer data to countries that the European Commission has recognized as providing an adequate level of data protection.
  • Technical Safeguards: All data transfers are protected with encryption in transit and at rest, ensuring the security and integrity of your personal data.
  • Sub-Processor Agreements: We maintain agreements with all sub-processors that require them to comply with equivalent data protection standards.

For more information about our data protection practices or to request a copy of the safeguards we use for international transfers, please contact us at support@mailerspark.com.