GDPR Compliance

Last updated: October 20, 2025

We take data protection seriously. This page explains how Anymail Finder (AMF Internet Services Limited) complies with the EU General Data Protection Regulation (GDPR) and similar privacy laws, including the UK GDPR.

1. Our GDPR Commitment

The General Data Protection Regulation (GDPR) and the UK GDPR set the standards for how personal data of EU and UK residents must be collected, processed, and protected.

We continuously review and update our systems, policies, and contracts to ensure ongoing compliance. This includes:

A Data Processing Addendum (DPA) for all customers,
Clear procedures for handling data subject rights requests,
Robust security, privacy, and data retention policies,
Regular staff training and awareness on data protection.

2. Data Controller and Processor Roles

Anymail Finder may act as both a data controller and a data processor, depending on the context:

As a Data Processor: We process personal data on behalf of our customers - for example, when finding or verifying contact data you provide.
As a Data Controller: We manage user account information, billing data, communications, and analytics related to the operation and security of our service.

As a customer, you act as the Data Controller for any personal data you upload or process through Anymail Finder.

When acting as a processor, we only process personal data on your documented instructions and in accordance with our Data Processing Addendum (DPA).

3. Data Processing Addendum (DPA)

We provide a Data Processing Addendum (DPA) that forms part of our Terms of Service and your agreement with us. It defines our obligations as a data processor under Article 28 of the GDPR, including:

Processing personal data only on your documented instructions,
Maintaining confidentiality and ensuring authorized personnel are bound by appropriate obligations,
Implementing technical and organizational measures to protect personal data, and
Assisting you with compliance obligations and data subject rights requests.

You can request a signed copy of our DPA by emailing team@anymailfinder.com.

4. Data Hosting and Transfers

We host our infrastructure on Amazon Web Services (United States) and Hetzner Online GmbH (Germany).

When personal data is processed or stored outside the European Economic Area (EEA), we rely on the EU Standard Contractual Clauses (SCCs) and AWS's Data Processing Addendum to ensure adequate protection.

These mechanisms ensure that transfers of personal data outside the EEA provide an equivalent level of protection to that required under the GDPR.

We apply the same high level of security and privacy standards to all data, regardless of where it is hosted, and we regularly review our infrastructure to minimize transfers outside the EEA where possible.

5. Data Security

We implement and maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, in accordance with Article 32 of the GDPR.

Our security controls include, among others:

Encrypted data transmission and storage (HTTPS/TLS),
Access controls and multi-factor authentication for internal systems,
Regular security audits and vulnerability assessments,
Continuous infrastructure and anomaly monitoring, and
Strict employee access policies and confidentiality obligations.

These measures are reviewed and updated regularly to ensure a high level of data protection and service integrity.

6. Data Retention and Deletion

Customer account data: Information such as your name, email and team members are retained for as long as your account remains active. You can delete your account at any time from the account deletion page. Account data is permanently deleted 14 days after submitting a deletion request. This short grace period allows you to cancel the deletion if the request was made in error.
Search data and query results: Stored search data are deleted automatically after 6 months for bulk searches and 12 months for single searches, or immediately when your account is deleted. You can also delete individual searches directly using the Delete button in your search history.
Logs: API logs, system logs, and access logs used for security, debugging, and abuse prevention are retained for up to 14 days before being automatically purged.

You may also request deletion of your data at any time by contacting team@anymailfinder.com. Verified deletion requests are normally processed within 48 working hours.

7. Data Subject Rights

Under the GDPR, individuals ("Data Subjects") have the right to:

Access their personal data,
Request correction or deletion ("right to be forgotten"),
Object to or restrict processing, and
Request data portability.

We provide two ways for individuals to exercise these rights:

Opt-out / Blacklist: Individuals can block future lookups of their domain or email address by using our opt-out tool. Once submitted, the address or domain is added to our internal suppression list and will not appear in any future search results.
Direct request: Individuals may contact us at team@anymailfinder.com to request access, correction, or deletion of their personal data. Verified requests are typically processed within 48 working hours.

8. Data Shared with Subprocessors

We only work with carefully selected subprocessors that meet GDPR requirements and provide adequate data protection safeguards. These partners help us deliver our service, manage customer relationships, and operate our business securely.

Our main subprocessors include:

Amazon Web Services (AWS): Hosting and data storage
Hetzner Online GmbH: Hosting and data storage
Intercom: Customer communications and support
Plausible: Privacy-focused website analytics
Google: Email delivery and internal communications
Slack: Internal team communication and support notifications
Rewardful: Affiliate and referral program management
Sentry: Application error monitoring
Mailcoach (by Spatie): Transactional and marketing email delivery

Each subprocessor provides GDPR-compliant data processing terms, and we regularly review their security and privacy practices. We maintain an up-to-date list of subprocessors and notify customers of any material changes in accordance with our Data Processing Addendum (DPA).

9. Privacy Policy and Data Protection Officer (DPO)

We maintain a detailed Privacy Policy describing how we collect, use, and protect your data.

Anymail Finder has appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance and managing data protection inquiries.

Contact our DPO: team@anymailfinder.com

10. Data Breach Notification

In the unlikely event of a personal data breach, we will:

Notify affected customers without undue delay,
Provide details on the nature, scope, and impact of the breach, and
Outline the corrective and preventive measures taken.

We also comply with applicable legal obligations to notify supervisory authorities and, when required, affected data subjects.

11. Updates to This Statement

We may update this GDPR statement from time to time to reflect legal, technical, or operational changes. Significant updates will be communicated directly to customers and published on this page with an updated "Last updated" date.

AMF Internet Services Limited
Registered in the UK, number 10586048
team@anymailfinder.com

Opt Out Privacy GDPR DPA TOS AUP

AMF Internet Services Limited is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Microsoft or LinkedIn, or any of their subsidiaries or affiliates. By using the Anymail finder browser extension, you agree to abide by LinkedIn's terms of service and take full responsibility for any actions taken through its use. The name LinkedIn, as well as related names, marks, logos, emblems, and images are registered trademarks of their respective owners.