Last updated: [DATE — fill in on publish]
[Legal entity name], operating as AutoArchive Mail ("we", "us", "our"), provides a managed email-archiving service for businesses with compliance obligations. This policy explains what data we collect when you use autoarchivemail.com and the archiving service itself, why we collect it, and how it's protected. Registered address: [registered business address — fill in]. Jurisdiction: [jurisdiction governing this policy — fill in].
We distinguish between two categories of data:
Per our service design, archived email is delivered to storage that you control (your own cloud storage or on-premise destination), not retained indefinitely on our infrastructure as the primary copy. [This section must be reviewed and corrected to precisely describe the actual data flow, any temporary processing/staging retention period, and any data that remains on AutoArchive Mail's own infrastructure — e.g. search indexes, logs, or backups — before publishing.]
We use third-party service providers to operate this business, which may include email delivery, analytics, and payment processing providers. [List actual sub-processors here by name before publishing — this is a standard, often-required disclosure for B2B compliance customers such as law firms and accounting practices, who will frequently ask for this list directly.]
[Specify: how long account/marketing data is retained after account closure; how long any staging/processing copies of archived email are retained before deletion, if any.]
We use industry-standard measures including encryption in transit (TLS) [and at rest — confirm and specify] to protect data. Access to customer data is restricted to what's necessary to operate the service. [Add specifics: encryption standards used, access-control practices, incident-response process.]
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, contact us via our contact form. [If serving EU/UK or California customers, this section needs explicit GDPR/CCPA-specific language — a lawyer should confirm which regimes apply given your actual customer base.]
[Specify where data is hosted/processed geographically and, if data crosses borders relative to where customers are based, what safeguards apply — e.g. Standard Contractual Clauses for EU data.]
We may update this policy from time to time. Material changes will be reflected by an updated "Last updated" date above.
Questions about this policy or your data can be sent via our contact form.