Legal
Privacy Policy
Last updated: March 19, 2026
1. Introduction
MailOps Studio ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our automated document data extraction service. It has been written in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Dutch Implementation Act (Uitvoeringswet AVG).
By using our service, you confirm that you have read and understood this Privacy Policy.
2. Data Controller
MailOps Studio
Louise de Colignystraat 11 A, 3116 EG Schiedam, Netherlands
KvK number: 42002930
Email: [email protected]
3. What Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Customer account information | Name, company name, email address | Provided by you on sign-up |
| Document data | Names, addresses, financial data in your logistics documents | Contained in documents you forward |
| Usage data | Number of documents processed, timestamps | Automatically collected |
| Communication data | Emails you send to us | Provided by you |
We do not collect any special categories of personal data.
4. How We Use Your Personal Data
Service delivery: We process the data in your documents to extract structured information and return it to you in Excel format.
Communication: We use your email address to send you extracted data, service notifications, and invoices.
Service improvement: We use anonymised usage data to improve our service.
Legal compliance: We may process your data where necessary to comply with legal obligations.
5. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing the data extraction service | Performance of a contract (Article 6(1)(b) GDPR) |
| Sending invoices and account communications | Performance of a contract (Article 6(1)(b) GDPR) |
| Improving our service | Legitimate interests (Article 6(1)(f) GDPR) |
| Complying with legal obligations | Legal obligation (Article 6(1)(c) GDPR) |
6. Data Sharing and Sub-processors
We do not sell your personal data. We share your data only with the following sub-processors:
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Anthropic | AI-powered text extraction | United States | Standard Contractual Clauses (SCCs) |
| Google Cloud (GCP) | Optical Character Recognition (OCR) | European Union | Adequacy decision / SCCs |
| Amazon Web Services (AWS) | Email processing (SES) | Europe | Adequacy decision / SCCs |
| Railway | Application hosting | European Union | SCCs |
7. International Data Transfers
For sub-processors based in the United States (Anthropic), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data outside the EEA, in accordance with Article 46 GDPR. You may request a copy of these safeguards by contacting us at [email protected].
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Document content | Deleted within 24 hours of processing |
| Extracted data (Excel output) | Sent to you and not retained by us |
| Customer account information | Duration of contract plus 7 years (Dutch accounting law) |
| Invoice and payment records | 7 years (Dutch fiscal retention requirement) |
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
Right of access (Article 15 GDPR): Request a copy of the personal data we hold about you.
Right to rectification (Article 16 GDPR): Request correction of inaccurate personal data.
Right to erasure (Article 17 GDPR): Request deletion of your personal data, subject to legal retention obligations.
Right to restriction of processing (Article 18 GDPR): Request restriction of processing in certain circumstances.
Right to data portability (Article 20 GDPR): Request your personal data in a structured, machine-readable format.
Right to object (Article 21 GDPR): Object to processing where we rely on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. Cookies
Our website uses only essential cookies necessary for the website to function. We do not use tracking or advertising cookies. If we introduce non-essential cookies in the future, we will update this policy and obtain your consent.
11. Data Security
We implement the following technical and organisational security measures:
- Encryption of all data in transit (TLS/HTTPS)
- Encryption of all data at rest (AES-256)
- Access controls limiting who can access personal data
- Automatic deletion of document data within 24 hours of processing
- All primary processing infrastructure located within Europe
12. Data Breaches
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of the breach, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay.
13. Right to Lodge a Complaint
If you believe we have not handled your personal data correctly, you have the right to lodge a complaint with:
Autoriteit Persoonsgegevens
Postbus 93374, 2509 AJ Den Haag
Website: autoriteitpersoonsgegevens.nl
Telephone: 0900 2001 201
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email and by updating the "Last Updated" date at the top of this document.
15. Contact Us
MailOps Studio
Email: [email protected]
Address: Louise de Colignystraat 11 A, 3116 EG Schiedam, Netherlands