Data Processing Agreement

Overview

This Data Processing Agreement ("DPA") is entered into between you ("Controller") and Mailbeam ("Processor") in accordance with Article 28 of the General Data Protection Regulation (GDPR) (EU) 2016/679.

By using the Mailbeam API, you agree to this DPA. If your organization requires a countersigned copy, contact us at legal@mailbeam.dev.

Subject matter and purpose

Mailbeam processes email addresses submitted by the Controller solely for the purpose of email verification as described in the API documentation.

Nature of processing

• Validating email address syntax, domain, and mailbox existence
• Checking against disposable and role-based address lists
• Returning a structured verification result

Processor obligations

Mailbeam shall:

• Process personal data only on documented instructions from the Controller.
• Ensure all staff handling personal data are bound by confidentiality obligations.
• Implement appropriate technical and organizational security measures (Article 32 GDPR).
• Not engage sub-processors without prior notification to the Controller.
• Assist the Controller in fulfilling data subject rights requests.
• Delete or return all personal data upon termination of the agreement.
• Provide all information necessary to demonstrate compliance with Article 28.

Data residency

All processing takes place exclusively within the European Union. No international transfers are made.

Sub-processors

Current sub-processors:

• Hetzner Online GmbH (EU) — infrastructure hosting
• Stripe, Inc. (EU entity) — payment processing

We will notify you at least 14 days before adding or changing sub-processors.

Request a signed DPA

Enterprise customers can request a countersigned DPA. Email legal@mailbeam.dev with your company name and we will respond within two business days.