GDPR Compliance

Last updated: November 23, 2025

1. Introduction

The General Data Protection Regulation (GDPR) is a European Union regulation that came into effect on May 25, 2018. It strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU.

MText is committed to GDPR compliance and protecting the privacy and personal data of our users and their email recipients. This page outlines our GDPR compliance measures and your rights under GDPR.

2. Our Role as Data Controller and Processor

2.1 Data Controller

MText acts as a data controller for personal information we collect directly from you, such as account information, payment details, and usage data.

2.2 Data Processor

MText acts as a data processor when processing personal data on your behalf, such as email addresses and campaign data from your contact lists. As a data processor, we:

  • Process data only according to your instructions
  • Implement appropriate technical and organizational measures
  • Assist you in fulfilling data subject rights requests
  • Maintain records of processing activities
  • Notify you of data breaches without undue delay

3. Legal Basis for Processing

We process personal data based on the following legal bases:

  • Consent: When you have given clear consent for specific purposes
  • Contract: To perform our contract with you
  • Legal Obligation: To comply with legal requirements
  • Legitimate Interests: For our legitimate business interests, balanced against your rights

4. Your Rights Under GDPR

As a data subject, you have the following rights:

4.1 Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to access that data, including information about the purposes, categories, and recipients.

4.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

4.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data under certain circumstances, such as when data is no longer necessary or consent is withdrawn.

4.4 Right to Restrict Processing (Article 18)

You have the right to restrict processing of your personal data in certain situations, such as when you contest accuracy or object to processing.

4.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

4.6 Right to Object (Article 21)

You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.

4.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: privacy@mtext.io
  • Data Protection Officer: dpo@mtext.io
  • Account Settings: You can also manage some preferences directly in your account settings

We will respond to your request within one month (this period may be extended by two months for complex requests). We may request verification of your identity before processing your request.

6. Data Protection Measures

We implement comprehensive data protection measures:

6.1 Technical Measures

  • Encryption of data in transit (TLS 1.3) and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Secure data centers with physical security
  • Backup and disaster recovery procedures

6.2 Organizational Measures

  • Data protection policies and procedures
  • Employee training on data protection
  • Confidentiality agreements
  • Regular audits and compliance reviews
  • Data Protection Impact Assessments (DPIA)

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected data subjects without undue delay
  • Provide clear information about the breach and mitigation steps
  • Document all breaches for compliance purposes

8. Data Transfers

When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (BCRs) where applicable
  • Other legally recognized transfer mechanisms

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required by law. When data is no longer needed, we securely delete or anonymize it.

10. Your Responsibilities as a Data Controller

If you use MText to send emails to EU residents, you are responsible for:

  • Obtaining proper consent from recipients
  • Providing clear privacy notices
  • Honoring unsubscribe requests promptly
  • Responding to data subject rights requests
  • Ensuring data accuracy and security
  • Complying with GDPR requirements

11. Supervisory Authority

If you are located in the EU and have concerns about our data processing practices, you have the right to lodge a complaint with your local supervisory authority. You can find your supervisory authority at:

European Data Protection Board Member List

12. Contact Information

For GDPR-related inquiries, please contact:

Data Protection Officer: dpo@mtext.io
Privacy Team: privacy@mtext.io
Address: [Your Company Address]
EU Representative: [If applicable]