← Back to Mailair

GDPR & Data Rights

Last updated: March 22, 2026

1. Overview

Mailair is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws. This page explains your rights and how we handle your data.

2. Data Controller

The data controller for Mailair is:

Sai Sridhar Tarra

Email: saisridhart@gmail.com

3. Data We Process

  • Account data: Email address, name (from Google OAuth)
  • Email content: Gmail messages accessed with your explicit permission via Google OAuth
  • Usage data: Feature interactions, subscription plan, email processing counts
  • Payment data: Handled by Razorpay — Mailair does not store card details

4. Legal Basis for Processing

  • Contract performance: Processing your emails is necessary to deliver the service you signed up for.
  • Consent: Gmail access is granted by you via Google OAuth and can be revoked at any time.
  • Legitimate interests: Improving service reliability and security.

5. Your Rights Under GDPR

If you are in the European Economic Area (EEA), you have the following rights:

  • Right to access: Request a copy of all personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your account and associated data ("right to be forgotten").
  • Right to restriction: Request we limit how we use your data.
  • Right to data portability: Request an export of your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Revoke Gmail access at any time from Settings or your Google Account.

To exercise any of these rights, email us at saisridhart@gmail.com. We will respond within 30 days.

6. Data Retention

  • Email data is retained for as long as your account is active.
  • When you delete your account, all associated data is deleted within 30 days.
  • Payment records may be retained for up to 7 years for legal/tax purposes.

7. International Transfers

Your data is processed on servers hosted by Supabase (US) and Render (US). These providers are GDPR-compliant and use standard contractual clauses for international data transfers.

8. Sub-processors

  • Supabase — Database and authentication
  • Render — Backend hosting
  • Vercel — Frontend hosting
  • Anthropic — AI email processing (Claude API)
  • Razorpay — Payment processing
  • Google — Gmail OAuth and API access

9. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority.

© 2025 Mailair. All rights reserved.