How MailerLite stays GDPR-compliant

Our team has worked hard to become a fully GDPR-compliant email marketing platform. At MailerLite, protecting your privacy is our top priority, and we’ve succeeded in making sure our company and services are GDPR-friendly from start to finish.

We have all the necessary documents and GDPR-appropriate technical and organizational measures in place to ensure a high level of personal data protection. Please read our Privacy Policy, Security Statement, and Cookie Policy to learn more about how we process and protect personal data in accordance with data protection laws and good industry practice.

We offer a Data Processing Addendum (DPA) that meets GDPR requirements and reflects our data privacy and security commitments. Recently, the DPA became an integral part of our Terms of Use, so there is no need to sign it anymore. Once you agree to our Terms of Use, you agree to our DPA at the same time.

We use carefully selected service providers in order to provide the highest-quality email marketing services to you. In accordance with GDPR requirements, you can find a list of our service providers included in our DPA as Annex No. 3.

Some of our sub-processors are based outside of the EU (to be explicit, they are based in the US). Therefore, after the annulment of Privacy Shield, we follow the GDPR requirements and include Standard Contractual Clauses in the data processing agreements concluded with them.

Moreover, we take additional measures to ensure an adequate level of protection for personal data that is transferred outside of the EU. Such measures include monitoring our service providers, reviewing their DPAs and compliance with GDPR requirements, and analyzing their security measures such as data encryption, data access, etc. We make sure that our US-based sub-processors secure your data in the best possible way.

Our data center service providers provide all the necessary security measures for data protection and processing. Our services are hosted by trusted and certified data storage centers located in the European Union. These centers have an information storage security certificate (ISO 27001) as well as the certificate of IT service management (ISO 20000). You can rest assured that your data and your subscribers’ data are safe with us.

In order for you to be GDPR-compliant as a data controller, you can manage your subscribers’ data with our GDPR-friendly tools, which will help you fulfill data subjects’ requests regarding their rights to portability, access, to be forgotten, etc.

If you have any questions about data protection, please contact us at and review our GDPR-related blog posts and videos.

GDPR Advising

Stay ahead of GDPR. Our knowledgeable account managers will help you create GDPR-compliant web forms and answer your GDPR questions related to email marketing.


Contact us

Drop us a message and we will get back to you in no time.
