GDPR and Your Data 🇪🇺

Last updated: March 12th, 2025

Audienceful believes strongly in protecting your data and strives to comply with all privacy-related regulation including GDPR.

The General Data Protection Regulation (GDPR) is a data privacy law that regulates the use of EU resident personal data, providing individuals rights to exercise control over their data and requiring organizations that process personal data to meet certain obligations.

Overall Philosophy

In accordance with GDPR, we store only the minimum data required to support our platform, far less than most email marketing platforms. We do not use 3rd party cookies, and we use privacy-focused support and analytics tools whenever possible.

Data Portability & Management

  • Import: We provide tools to import your data a number of ways. This includes via CSV upload, syncing via outside integration, website signup forms, or manual input.
  • Export: Audienceful allows you to easily export your data at any time from the same place you can import your data (the People tab). We do not believe in 'vendor lock-in' as a business strategy, and do not make it difficult to switch to another platform.
  • Account deletion: Your account and all data can be deleted at any time. Soon after your account is deleted, our system will also delete any backups, so you can be sure there will be no trace left of your data on our servers.
  • Account settings: We provide tools to manage any personal information associated with account and workspace settings, such as name, members, allowed email domains, and more from our workspace settings menu.
  • Requests: If you are unwilling or unable to use our tools to manage your account, we respond to all requests related to data deletion in a timely manner.

Data Security

We utilize numerous technologies to ensure the safety of your data including SSL, anonymization and SHA-256 encryption as recommended by the National Institute of Standards and Technology.

None of our support staff or contractors have access to your sensitive email list data. We do this to reduce risk of phishing or social engineering (the most common attack vector, re: Mailchimp's latest breaches). Since our founding in 2020 we have had zero data breach incidents.

However, no internet-connected service can ever be 100% secure. In the event of a future data breach, in accordance with GDPR we have protocols for promptly notifying any affected parties.

Standard Contractual Clauses (SCCs)

In accordance with the Schrems II ruling which invalidated the privacy shield framework, for any data that passes through cloud vendors we rely on the latest Standard Contractual Clauses to ensure appropriate safeguards for personal data transfers from the EU to countries outside of the EU.  

Our servers are hosted in the cloud with Digital Ocean. You can view Digital Ocean's SCCs and Data Processing Agreements here (Schedule 3 relates specifically to our use of Digital Ocean as processor).

*2023 update: EU-US Data Privacy Framework

On July 10th 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The adequacy decision concludes that the United States ensures an adequate level of protection compared to that of the EU for personal data transferred from the EU to US companies participating in the EU-U.S. Data Privacy Framework. The clears up any prior confusion related to using US-hosted cloud services within the EU.

As a result of adequacy decisions, personal data can flow freely and safely from the European Economic Area (EEA), which includes the 27 EU Member States as well as Norway, Iceland and Liechtenstein, to a third country, without being subject to any further conditions or authorizations. In other words, transfers to the third country can be handled in the same way as intra-EU transmissions of data.

More information

For more detailed information see our full privacy policy.