Privacy Policy - MyraMail

This privacy policy explains how Dynamic Foundries ("we", "us", "our") collects, uses, and protects your personal data when you use MyraMail ("the Service"), available at https://myramail.com, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and French Law No. 78-17 of 6 January 1978 (Loi Informatique et Libertés).

Data Controller

Company: Dynamic Foundries
Address: 15 Boulevard Saint-Marcel, 75013 Paris, France
Email: contact@dynamic-foundries.com

Data We Collect

Data you provide

Account data: name, email address, password (hashed), profile information
Billing data: payment method details are processed directly by Stripe and are not stored on our servers. We store your Stripe customer ID, subscription plan, and billing history.
Service data: any content, files, or configuration you create or upload through the Service
Communication data: messages sent to our support team

Data collected automatically

Technical data: IP address, browser type and version, operating system, device type, screen resolution
Usage data: pages visited, features used, time spent, referral source, date and time of access
Cookies: see the Cookies section below

Purpose and Legal Basis

Purpose	Legal basis (GDPR Art. 6)
Account creation and management	Performance of contract (Art. 6(1)(b))
Providing the Service	Performance of contract (Art. 6(1)(b))
Payment processing and billing	Performance of contract (Art. 6(1)(b))
Customer support	Performance of contract (Art. 6(1)(b))
Website analytics and improvement	Legitimate interest (Art. 6(1)(f))
Security and fraud prevention	Legitimate interest (Art. 6(1)(f))
Legal and regulatory compliance	Legal obligation (Art. 6(1)(c))
Marketing communications (with opt-in)	Consent (Art. 6(1)(a))

Data Retention

Data type	Retention period
Account data	Duration of the account + 3 years after deletion
Billing and invoice data	10 years (French accounting obligations, Art. L123-22 Code de commerce)
Service data (files, content)	Duration of the account; deleted within 30 days of account closure
Analytics data	26 months
Server logs	12 months
Support communications	3 years after resolution

Sub-processors

We use the following third-party services that may process your data:

Service	Purpose	Location
OVH SAS	Web hosting and data storage	France (EU)
Stripe, Inc.	Payment processing	United States (EU-US Data Privacy Framework)
Google Analytics	Website analytics	United States (EU-US Data Privacy Framework)

Cookies

This Service uses cookies — small text files stored on your device — for the following purposes:

Essential cookies: required for authentication, session management, and security (e.g., CSRF protection). These do not require consent.
Functional cookies: remember your preferences and settings.
Analytics cookies: used to understand how visitors interact with the Service (e.g., Google Analytics). These are placed only with your consent.

You can manage cookie preferences through your browser settings at any time. Disabling essential cookies may prevent you from using the Service.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption in transit (TLS/HTTPS)
Password hashing (bcrypt)
Regular security updates and patching
Access controls and authentication for internal systems
Web Application Firewall (ModSecurity)

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately at contact@dynamic-foundries.com.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15) — obtain a copy of your personal data
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure (Art. 17) — request deletion of your data
Right to restrict processing (Art. 18) — limit how we use your data
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
Right to object (Art. 21) — object to processing based on legitimate interest
Right to withdraw consent (Art. 7(3)) — withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at contact@dynamic-foundries.com. We will respond within 30 days. You may also delete your account and associated data directly from your account settings.

If you believe your rights have not been respected, you may file a complaint with the French data protection authority:

CNIL — Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
www.cnil.fr

International Transfers

Some of our sub-processors may transfer data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) as approved by the European Commission.

Children's Privacy

This Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email or through the Service. The date of the last update is indicated below.

Last updated: March 2026