Compliance
Compliance, built in
Data export, erasure, and audit logging are product features with API endpoints, not an enterprise add-on or a support ticket.
Data subject rights
DSARs answered with a request
A data subject asks what you hold on them: GET /v1/gdpr/export with their address returns it. They ask to be forgotten: DELETE /v1/gdpr/erase removes it. Article 20 account export and Article 17 full account deletion are equally self-serve. Erasure is per-email precise, not all-or-nothing.
curl -X DELETE \
"https://api.euromail.dev/v1/gdpr/[email protected]" \
-H "Authorization: Bearer em_live_..."
Retention
Deleted on schedule, logged immutably
Email bodies are purged after 30 days automatically; metadata and delivery logs after six months; suppression entries persist so protection outlives the data. Every account action lands in an immutable audit log (timestamp, actor, action, IP), ready for the day an auditor asks.
- Email body retention
- 30 days, then purged
- Metadata retention
- 6 months
- Audit log
- Immutable, every action
- DSAR endpoints
- Per-email export & erase