Information we collect
We collect information you provide when you sign up, contact our team, or use the Eagora product. This includes name, email, company, billing details, the subscriber lists you upload, and content you send through the platform. We also collect technical data such as IP address, browser type, device identifiers and usage logs that are necessary to operate the service securely.
How we use information
We use the data to operate the product, deliver email and automation, communicate about service updates, respond to support requests, prevent abuse, comply with legal obligations, and improve Eagora. We never sell your data and we never train third-party AI models on the contents of your account.
Legal bases (EU/UK)
We rely on the following legal bases under GDPR: contract performance (to provide the service you paid for), legitimate interest (to keep the service secure and to communicate about operational matters), consent (for optional cookies and marketing), and legal obligation (for tax, fraud-prevention and law-enforcement requests we are required to comply with).
Data we process on your behalf
Subscribers, campaigns, automations, templates and analytics that you upload or generate inside Eagora are processed as your processor. You are the controller of that data. Our Data Processing Addendum (DPA) is available on request and is part of every paid contract.
Your rights
You can access, export, correct and delete your data at any time from inside the product. EU, UK, Swiss and Californian residents have additional rights under GDPR / UK GDPR / CCPA, including the right to object to processing, to lodge a complaint with a supervisory authority and to opt out of any sale of personal information (we do not sell).
Data retention
Active account data is retained for as long as your account is active. After cancellation we keep data for 30 days to allow you to reactivate, then permanently delete it from production systems within a further 60 days. Backup copies are rotated out within 12 months.
Data residency
Customer data is stored in EU or US regions depending on your account settings. Enterprise plans support APAC residency on request. Cross-border transfers are governed by the EU Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum.
Subprocessors
We use a small set of trusted subprocessors for cloud infrastructure, payment processing, transactional email delivery and support tooling. The full list is published at /gdpr and updated when changes occur. Workspace admins can subscribe to subprocessor change notifications.
Security
We maintain an ISO 27001-aligned security program with annual penetration testing, role-based access control, SSO + MFA for all employees, encrypted backups, and 24/7 incident monitoring. Material incidents are disclosed to affected customers within 72 hours, in line with GDPR Article 33.
Children's privacy
Eagora is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact [email protected] and we will delete it promptly.
Cookies & tracking
We use a minimal set of cookies necessary to operate the product and, with your consent, analytics and marketing cookies to improve Eagora. Full details are in our Cookie Policy at /cookies. You can update your consent at any time from the cookie banner.
Changes to this policy
We will notify workspace admins by email at least 30 days before material changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
Contact us
Email [email protected] for any privacy-related question, data subject request, or to reach our Data Protection Officer. EU representatives can be contacted at [email protected].
Email [email protected] — we respond within 30 days.
Our Data Processing Addendum is available on request for every paid plan.
Last updated: June 1, 2026