We take data protection very seriously at Gaggle Mail which is why we welcome the new measures introduced by GDPR.

Gaggle Mail is based in the UK and as such falls under jurisdiction of GDPR.

Data Protection by Design and Default

Gaggle Mail employs industry wide best practices and trusted technologies to ensure personal data stored within our system is securely stored and protected.

For personal data which has a “high risk to the rights or freedoms of natural person” GDPR mandates a formal Data Protection Impact Assessments (“DPIA”) is undertaken. Gaggle Mail assessed that there are no high risks to individuals who use our system.

Declaration of Sub-Processors

Gaggle Mail runs on US datacentres from Amazon Web Services (AWS) and Google Cloud Platform (GCP). Both AWS and GCP are fully committed to GDPR and have declared full compliance.

We use Stripe for payments processing who are also committed to and compliant with GDPR.

Legal Basis for Personal Data Processing

We take “legitimate interest” as the basis for which we securely process and store customer data in order to deliver Gaggle Mail as a software solution.

Data Controller and Data Processor

We operate as a Data Controller for personal data relating to our customers for the necessary operation of our software system.

We operate as a Data Processor in respect to the personal data, which may be loaded into Gaggle Mail by the users of the system.

Users of our system are responsible for ensuring that they have the appropriate legal basis for processing personal data within our system and will fully indemnify Gaggle Mail in the event of any claim of any sort being brought for not having a valid basis.


As with all things on Gaggle Mail, we've tried to keep things as simple as possible with this GDPR Statement.

If you have any concerns about anything within in it, or more generally around data protection and Gaggle Mail please don’t hesitate to contact us.