Legal
Last updated: April 17, 2026
Sub-processor List
EmailQA engages the following sub-processors to help deliver the Service. This list is maintained and will be updated when we add or replace a sub-processor. For material changes, we will provide notice to active business customers consistent with Art. 28(2) of GDPR.
| Sub-processor | Purpose | Location |
|---|---|---|
| Railway | Application and database hosting | United States |
| Amazon Web Services (S3) | File storage (HTML uploads, renders) | United States |
| Stripe | Payment processing and billing | United States |
| Anthropic | AI assistant and device-explanation (beta) | United States |
| GitHub | OAuth sign-in (optional) | United States |
| Slack | Workspace integration (optional) | United States |
| Mailchimp, Klaviyo, SendGrid, Campaign Monitor | ESP integrations you choose to connect (optional) | Varies by provider |
To receive notifications about changes to this list, email [email protected] with the subject "Subscribe: Sub-processor Updates."
DMCA / Copyright Policy
EmailQA respects intellectual property rights and complies with the Digital Millennium Copyright Act ("DMCA"), 17 U.S.C. § 512. If you believe content hosted on our Service infringes your copyright, please send a notice containing the information below to our designated agent.
Notice of Infringement
Your notice must include:
- A physical or electronic signature of a person authorized to act on behalf of the copyright owner.
- Identification of the copyrighted work claimed to be infringed.
- Identification of the material claimed to be infringing and where it is located on the Service (URL or project link).
- Your contact information (name, address, phone, email).
- A statement that you have a good-faith belief that the use is not authorized by the copyright owner, its agent, or the law.
- A statement, under penalty of perjury, that the information in the notice is accurate and that you are authorized to act on behalf of the copyright owner.
Designated Agent
Send DMCA notices to:
- Name: EmailQA DMCA Agent
- Address: 123 N Hanover Street, Carlisle, PA 17013, United States
- Email: [email protected]
Note: Under 17 U.S.C. § 512(f), you may be liable for damages, including costs and attorneys' fees, if you knowingly materially misrepresent that material is infringing.
Counter-Notice
If your content was removed and you believe it was removed in error, you may send a counter-notice to our designated agent containing the elements specified in 17 U.S.C. § 512(g)(3). We will forward the counter-notice to the original complainant and may restore the content in 10–14 business days unless the complainant files a court action.
Repeat Infringers
We will terminate accounts of users determined to be repeat copyright infringers under appropriate circumstances.
Data Processing Addendum (DPA)
This Data Processing Addendum ("DPA") supplements the Terms of Service and applies to EmailQA's processing of personal data on behalf of a customer ("Customer") in connection with the Service. It is incorporated into the Terms of Service when Customer is subject to GDPR, UK GDPR, or similar laws that require a written data processing agreement.
1. Roles
Customer is the "controller" and EmailQA is the "processor" with respect to Customer personal data processed through the Service. Where Customer is itself a processor for its own customer, EmailQA acts as a sub-processor.
2. Scope and Purpose
EmailQA processes Customer personal data only (a) to provide the Service consistent with the Terms of Service, (b) as instructed by Customer through Customer's use of the Service, and (c) as required by applicable law.
3. Categories of Data and Data Subjects
- Data subjects: Customer's team members, invited guest reviewers, and any individuals identified in Customer's email HTML or comments.
- Categories: Contact data (name, email), account credentials, project content, comments, integration tokens, and usage data.
4. Sub-processors
Customer authorizes EmailQA to engage the sub-processors listed above. EmailQA will notify Customer of changes to the list before a new sub-processor begins processing Customer data, giving Customer a reasonable opportunity to object. If Customer reasonably objects on data-protection grounds, the parties will work in good faith to resolve, and if unresolved, Customer may terminate the affected portion of the Service.
5. Security
EmailQA implements the technical and organizational measures described in §9 of the Privacy Policy, including encryption in transit, access controls, and credential protection.
6. Data Subject Requests
EmailQA will, to the extent legally permitted, assist Customer in responding to requests from data subjects exercising rights under GDPR Arts. 15–22 and similar laws.
7. International Transfers
For transfers of personal data from the EEA, UK, or Switzerland to the United States, the parties incorporate by reference Module 2 of the European Commission's Standard Contractual Clauses (2021/914) and, where applicable, the UK International Data Transfer Addendum. Customer is the data exporter; EmailQA is the data importer.
8. Breach Notification
EmailQA will notify Customer without undue delay — and in any event within 72 hours where feasible — after becoming aware of a personal data breach affecting Customer data.
9. Deletion and Return
At termination of the Service, Customer may export data within the 30-day window described in §13 of the Terms. Thereafter, EmailQA will delete Customer personal data in accordance with the Privacy Policy, except where retention is required by law.
10. Audit
EmailQA will, upon Customer's reasonable written request and no more than once per year, make available information necessary to demonstrate compliance with this DPA. Customer will bear reasonable costs of any audit it requests.
11. Acceptance
This DPA is effective on use of the Service by a Customer subject to GDPR/UK GDPR. If Customer requires a countersigned DPA, contact [email protected].