EN

Privacy Policy

Last updated: April 19, 2026Effective date: April 19, 2026
Privacy Policy · Last updated April 19, 2026
Back to top

This Privacy Policy explains how PrometheusMail (we, us, or our) collects, uses, and protects your personal data when you use our services, website, and applications (the Services).

PrometheusMail is operated by [COMPANY NAME] registered in Poland, European Union.

We take your privacy seriously. This policy is written in plain language so you can understand exactly what happens with your data.

Who we are

PrometheusMail is a SaaS platform providing AI-powered email automation, CRM, and team communication tools for agencies. We are based in Poland and operate under EU jurisdiction.

Contact: kontakt@dmspure.com

What data we collect

Account information

  • Name
  • Email address
  • Company name
  • Billing information (processed by Stripe)
  • Authentication credentials

Email content (when you connect your inbox)

  • Email messages (for AI processing)
  • Sender/recipient information
  • Attachments (when relevant)
  • Email metadata

Usage data

  • Login timestamps
  • Feature usage statistics
  • Error logs
  • IP address

Client data in your CRM

  • Contact information you add
  • Project details
  • Notes and activities you create

Cookies and tracking

  • Essential cookies (authentication, security)
  • Analytics cookies (anonymized)
  • No third-party advertising cookies

Why we collect this data

  • To provide the Services (email AI, CRM, chat)
  • To authenticate and secure your account
  • To process payments
  • To communicate with you about your account
  • To improve our product based on usage patterns
  • To comply with legal obligations

We do NOT:

  • Sell your data to third parties
  • Use your email content to train general AI models
  • Share your client data with advertisers
  • Send your data to the United States

Where your data is stored

All data is stored on servers located in the European Union (Frankfurt, Germany).

Your email content is processed by our AI (Llama 3.3) running on our infrastructure. Your emails are never sent to OpenAI, Anthropic, Google, or any other third-party AI provider.

Infrastructure providers

  • Hetzner Online (EU) — server hosting
  • Supabase (EU) — database
  • Stripe (global) — payment processing
  • Cloudflare (global) — CDN and security

All providers are GDPR-compliant and bound by Data Processing Agreements.

How long we keep your data

Account data

  • Active account: indefinitely
  • After account deletion: 30 days, then permanent deletion

Email content

  • Processed in real-time, not stored by AI
  • Email metadata retained as part of your inbox history

Billing data

  • 7 years (legal requirement in Poland)

Logs

  • 90 days, then anonymized or deleted

Your rights (GDPR)

As an EU resident, you have the right to:

  • Right to access — Request a copy of all data we hold about you.
  • Right to rectification — Correct inaccurate or incomplete data.
  • Right to erasure — Request deletion of your data (“right to be forgotten”).
  • Right to portability — Export your data in a machine-readable format.
  • Right to object — Opt out of certain processing activities.
  • Right to withdraw consent — Cancel consent you previously gave.

To exercise these rights, email: kontakt@dmspure.com. We respond within 30 days.

Data sharing

We share data only with:

  • Service providers (Supabase, Stripe, etc.) — bound by DPA, use data only to provide the service to us.
  • Legal authorities — if required by EU or Polish law, and only for specific lawful requests.
  • Business transfers — if PrometheusMail is acquired, your data may transfer to the new owner. We will notify you 30 days before such a transfer.

We NEVER share with:

  • Advertisers
  • Data brokers
  • AI model training providers
  • Marketing list sellers

Security

We protect your data with:

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Multi-factor authentication (optional but recommended)
  • Regular security audits
  • Access controls and audit logs
  • Incident response procedures

In case of a data breach, we notify affected users within 72 hours as required by GDPR.

Cookies

We use minimal cookies:

Essential cookies (always on)

  • Authentication tokens
  • Security (CSRF protection)
  • Load balancing

Analytics cookies (opt-in)

  • Anonymized usage tracking
  • No personal identification

You can opt out of analytics via cookie banner. See our Cookie Policy for details.

Children’s privacy

PrometheusMail is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe we have, contact kontakt@dmspure.com and we will delete it immediately.

International transfers

Your data stays in the EU. We do not transfer personal data outside the EU/EEA.

The only exceptions are:

  • Stripe (payment processing) — uses EU-US Data Privacy Framework
  • Cloudflare (CDN) — uses SCCs (Standard Contractual Clauses)

Both are GDPR-compliant mechanisms.

Changes to this policy

We may update this policy. If we make material changes, we will notify you via email at least 30 days before changes take effect.

Previous versions available at: prometheusmail.com/privacy/history

Contact

Questions about privacy?

Postal address

[COMPANY NAME]
[ADRES]
Poland

Polish DPA (supervisory authority)

Urząd Ochrony Danych Osobowych (UODO)
Stawki 2, 00-193 Warsaw
uodo.gov.pl