Data Portability (Account Export)
Under GDPR Article 20, individuals have the right to receive their personal data in a portable format. EuroMail provides an API endpoint to export all data associated with your account:
curl https://api.euromail.dev/v1/account/export \
-H "Authorization: Bearer em_live_..."
The response includes account information, domains, templates, webhooks, email history, and suppression entries. The export is returned as a JSON document.
Right to Erasure (Account Deletion)
GDPR Article 17 grants individuals the right to have their personal data deleted. EuroMail supports full account deletion:
curl -X DELETE https://api.euromail.dev/v1/account \
-H "Authorization: Bearer em_live_..."
This permanently deletes the account and all associated data including domains, templates, email metadata, delivery logs, tracking events, suppression entries, and API keys. The operation is irreversible. Note that emails already delivered to recipients' mail servers cannot be recalled — the deletion applies to data stored within EuroMail.
Per-Email Data Export
In addition to full account exports, EuroMail supports exporting all data associated with a specific email address. This is useful when handling data subject access requests (DSAR) for individual recipients:
curl "https://api.euromail.dev/v1/gdpr/[email protected]" \
-H "Authorization: Bearer em_live_..."
The response includes email metadata (without bodies), delivery events, suppression entries, and unsubscribe events for the specified address. This endpoint is rate limited to 1 request per minute per account.
Per-Email Data Erasure
To erase all data associated with a specific email address without deleting the entire account, use the per-email erasure endpoint:
curl -X DELETE "https://api.euromail.dev/v1/gdpr/[email protected]" \
-H "Authorization: Bearer em_live_..."
This permanently deletes all emails sent to the address, associated delivery events, tracking tokens, suppression entries, unsubscribe events, and contact list memberships. The action is logged in the audit trail and cannot be undone. This endpoint is rate limited to 1 request per minute per account.
Audit Logging
Every action performed through the API or dashboard is recorded in the audit log with the following details:
| Field | Description |
|---|---|
| timestamp | When the action occurred (UTC) |
| user | API key identifier or dashboard user who performed the action |
| action | What was done (e.g., email.sent, domain.created, suppression.deleted) |
| ip_address | Source IP address of the request |
| resource | The affected resource identifier |
| details | Additional context about the action |
Audit logs are accessible through the API and dashboard. They are retained for the duration of the data retention period and cannot be modified or deleted.
curl "https://api.euromail.dev/v1/audit-logs?limit=50" \
-H "Authorization: Bearer em_live_..."
Data Retention
EuroMail automatically manages data retention. Email body content (HTML and text) is purged after 30 days. Email metadata and delivery logs are retained for 6 months. Suppression list entries are retained independently of the retention period to prevent re-sending to bounced or complaining addresses.
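Since suppression entries exist to prevent re-sending to bounced or complaining addresses, their deletion is worth reviewing in the audit log described above. The following is an added example, not EuroMail code: it assumes the audit log is returned as a JSON list of objects carrying the documented fields, that destructive actions end in `.deleted`, and it uses a hypothetical allowlist of your own networks and constructed sample entries.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample entries using the documented fields. The JSON layout
# (a list of objects) and the ISO 8601 timestamps are assumptions.
SAMPLE_LOG = json.loads("""[
 {"timestamp": "2025-01-10T09:00:00Z", "user": "key_a", "action": "email.sent",
  "ip_address": "203.0.113.10", "resource": "msg_1", "details": ""},
 {"timestamp": "2025-01-10T09:05:00Z", "user": "key_a", "action": "domain.created",
  "ip_address": "203.0.113.10", "resource": "dom_1", "details": ""},
 {"timestamp": "2025-01-10T23:41:00Z", "user": "key_a", "action": "suppression.deleted",
  "ip_address": "198.51.100.7", "resource": "sup_9", "details": ""},
 {"timestamp": "2025-01-11T08:00:00Z", "user": "key_b", "action": "suppression.deleted",
  "ip_address": "203.0.113.25", "resource": "sup_3", "details": ""}
]""")

# Hypothetical allowlist: the networks your own services call the API from.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def is_trusted(ip, networks=TRUSTED_NETWORKS):
    """True when the source address falls inside an allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def review_audit_log(entries, networks=TRUSTED_NETWORKS):
    """Return (untrusted_deletions, multi_ip_users) for a list of audit entries."""
    untrusted_deletions = []
    ips_by_user = defaultdict(set)
    for e in entries:
        ips_by_user[e["user"]].add(e["ip_address"])
        # Assumption: destructive actions end in ".deleted", as in suppression.deleted.
        if e["action"].endswith(".deleted") and not is_trusted(e["ip_address"], networks):
            untrusted_deletions.append((e["timestamp"], e["user"], e["action"], e["resource"]))
    # One API key or dashboard user appearing from several source addresses.
    multi_ip_users = {u: sorted(ips) for u, ips in ips_by_user.items() if len(ips) > 1}
    return untrusted_deletions, multi_ip_users


if __name__ == "__main__":
    deletions, multi = review_audit_log(SAMPLE_LOG)
    for d in deletions:
        print("deletion from untrusted address:", d)
    for user, ips in multi.items():
        print("user seen from multiple addresses:", user, ips)
```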
Data Processing Agreement
A Data Processing Agreement (DPA) compliant with GDPR Article 28 is included with all EuroMail plans. The DPA covers the categories of data processed, processing purposes, sub-processor disclosures (none outside the EU), security measures, and breach notification procedures. Download the current DPA from euromail.dev/legal/dpa/.
Processing Records
EuroMail maintains records of processing activities as required by GDPR Article 30. These records document the types of personal data processed (email addresses, message metadata, IP addresses), the purposes of processing (transactional email delivery), and the technical and organizational security measures in place. You can request a copy of the processing records for your account at any time through the dashboard or by contacting support.