Logo

General Data Protection Regulation (GDPR) Compliance

Effective Date: 09/22/2025

Colibricode LLC, doing business as MonkeysMail, is committed to protecting the personal data of our customers and their end users. This GDPR Compliance Statement explains how we meet the requirements of the EU General Data Protection Regulation (GDPR).

1. Data Controller & Data Processor

  • Controller: Our customers (you) act as the Data Controller for the personal data you send through our platform (e.g., recipients of your emails).
  • Processor: MonkeysMail acts as a Data Processor, handling personal data on your behalf in accordance with your instructions and applicable laws.
  • For customer account details (billing, login, etc.), Colibricode LLC is the Data Controller.

2. Lawful Basis for Processing

We process personal data based on:

  • Contractual necessity: to deliver the MonkeysMail service.
  • Legal obligations: to comply with applicable laws.
  • Legitimate interests: to maintain security, prevent abuse, and improve service.
  • Consent: where explicitly provided (e.g., marketing communications).

3. Data Subject Rights

Under GDPR, individuals have the following rights:

  • Right of access to personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict or object to processing.
  • Right to data portability.
  • Right to withdraw consent at any time.

Requests may be submitted to privacy@monkeysmail.com. We will respond within 30 days.

4. Data Transfers

  • Data may be processed in the United States and other countries.
  • We rely on Standard Contractual Clauses (SCCs) and other safeguards approved by the European Commission for lawful transfers.
  • Customers may request a copy of our Data Processing Agreement (DPA).

5. Data Processing Agreement (DPA)

  • A signed DPA is available upon request.
  • It includes obligations around confidentiality, sub-processors, breach notification, and assistance with data subject rights.
  • Customers can email legal@monkeysmail.com to request the DPA.

6. Sub-Processors

We use carefully selected third-party sub-processors to deliver our services (e.g., cloud hosting, analytics, support tools).

  • All sub-processors are bound by data protection agreements.
  • A current list of sub-processors is available upon request.

7. Data Security

We apply industry-standard security measures:

  • TLS encryption in transit, AES-256 at rest
  • Access controls, audit logging, monitoring
  • Regular testing and vulnerability scans

See our Security Page for more details.

8. Data Retention

  • We retain data only as long as necessary for service delivery or legal requirements.
  • Email content is typically stored only briefly for delivery and troubleshooting.
  • Logs and metadata may be retained longer for compliance and abuse prevention.

9. Breach Notification

  • In the event of a data breach, we will notify affected customers without undue delay.
  • We will provide details, impact assessment, and remediation steps.

10. Contact Information

For GDPR-related inquiries, please contact:

Data Protection Officer (DPO)
Colibricode LLC (DBA MonkeysMail)
Email: privacy@monkeysmail.com