Legal

GDPR Policy

Last updated: April 10, 2026

Our Commitment to GDPR

SendFlux Media is committed to handling personal data in accordance with the General Data Protection Regulation (GDPR) where applicable. This policy outlines how we handle data belonging to individuals in the European Economic Area (EEA) and United Kingdom.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract: Processing necessary to deliver services you have engaged us for
Legitimate Interest: Service communications and account management
Consent: Where you have explicitly opted in to receive communications

Data We Process

In the course of providing email marketing services, we may process:

Contact information of agency partners (name, email, company)
End-client subscriber list data on behalf of our agency clients (as a data processor)
Campaign performance analytics

Where we process end-client subscriber data on behalf of agencies, the agency acts as the data controller and SendFlux Media acts as the data processor. We process such data only per the agency's documented instructions.

Your Rights Under GDPR

If you are in the EEA or UK, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data ("right to be forgotten")
Object to or restrict processing of your data
Data portability — receive your data in a structured, machine-readable format
Lodge a complaint with your local data protection authority

Data Retention

We retain personal data only as long as necessary to deliver our services or as required by law. Upon cancellation of services, client data is deleted within 90 days unless a longer retention period is legally required.

Data Transfers

Our services are operated from the United States. If you are located in the EEA, your data may be transferred internationally. We take appropriate safeguards to ensure such transfers comply with GDPR requirements.

Sub-Processors

We use select third-party sub-processors to deliver our services, including Formspree (form submissions), Stripe (payments), and email service platforms. Each sub-processor is bound by appropriate data protection agreements.

Contact & Data Requests

To exercise any of your GDPR rights or ask questions about data handling, contact us at [email prote