🇫🇮 Built in Finland · GDPR-focused infrastructure

Email Marketing Built for GDPR from Day One

Most email platforms add compliance as an afterthought. NexusProMail is operated by a Finnish company under EU law, with consent management, suppression lists, DSAR tools and GDPR infrastructure built into every plan.


This page covers NexusProMail’s GDPR-specific features. For a broader reference covering CAN-SPAM, CASL and DPA obligations across all regulations, see the email compliance guide.

Quick Answer

GDPR-compliant email marketing requires a lawful basis for every send, valid opt-in consent, suppression list enforcement, support for data subject rights (access, rectification, erasure) and a Data Processing Agreement with your email platform. NexusProMail is operated by Infotech Pioneers Oy, a Finnish company subject to EU law, with all of these built into every account.

Key Takeaways

  • GDPR applies to any business emailing EU residents — regardless of where the sender is based
  • Consent must be freely given, specific, informed and unambiguous — pre-ticked boxes are invalid
  • Every commercial email must include a working unsubscribe link; opt-outs must be honoured promptly
  • Data subjects have the right to erasure (Article 17) — you need a process to respond within 30 days
  • A Data Processing Agreement with your email platform is mandatory under GDPR Article 28

What GDPR Actually Requires from Email Senders

GDPR places specific obligations on any business sending email to EU residents — regardless of where the sender is based.

Lawful basis for sending

You need a valid legal basis to email someone — usually consent or legitimate interest. Consent must be freely given, specific, informed and unambiguous. Pre-ticked boxes do not count.

Right to unsubscribe

Every commercial email must include a working unsubscribe link. Opt-out requests must be honoured within 30 days, and you cannot email a suppressed contact again.

Data minimisation

You should only collect and process the contact data you actually need for sending. Storing unused fields on contacts increases your compliance exposure.

Right to erasure

Contacts can request deletion of all data you hold about them. You need a process to locate, export and delete that data within 30 days (Article 17 GDPR).

Data Processing Agreement

If you use any third-party tool that processes personal data on your behalf — including an email platform — you need a DPA with that provider.

Breach notification

If personal data is compromised, you must notify your supervisory authority within 72 hours. Structured logging and audit trails help you respond quickly.

How NexusProMail Covers Each Requirement

Automatic

Consent & opt-out management

Every contact has a consent state. Suppression lists are enforced at the API level before each send — not just a checkbox in the UI. Hard bounces and spam complaints are added automatically. You cannot send to a suppressed address.

Built-in

Per-recipient signed unsubscribes

Each unsubscribe link is HMAC-signed and brand-scoped. A contact unsubscribing from one of your brands does not suppress them across all brands unless you configure global suppression. Fail-closed by default — invalid tokens block the send.
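The signed, brand-scoped unsubscribe flow described above, sketched as an added example; this is not NexusProMail's code. The token layout, the field names `e` and `b`, the demo key and every function name are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_unsubscribe(email: str, brand: str, key: bytes = DEMO_KEY) -> str:
    """Bind recipient and brand into one payload, then append an HMAC-SHA256 tag."""
    payload = json.dumps({"b": brand, "e": email.lower()},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64e(payload)}.{b64e(tag)}"

def verify_unsubscribe(token: str, brand: str, key: bytes = DEMO_KEY):
    """Return the recipient address, or None on any failure (fail closed)."""
    try:
        payload_part, tag_part = token.split(".")
        payload, tag = b64d(payload_part), b64d(tag_part)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        # Check the tag in constant time before parsing attacker-supplied JSON.
        if not hmac.compare_digest(tag, expected):
            return None
        claims = json.loads(payload)
        # Brand scoping: a token minted for one brand is rejected by another.
        if claims["b"] != brand:
            return None
        return claims["e"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed token, bad base64, bad JSON: all rejected

def apply_unsubscribe(token: str, brand: str, suppressions: set) -> bool:
    """Record a (brand, email) suppression only when the token verifies."""
    email = verify_unsubscribe(token, brand)
    if email is None:
        return False
    suppressions.add((brand, email))
    return True

def can_send(email: str, brand: str, suppressions: set) -> bool:
    """Send-time check: suppressed for this brand means no send."""
    return (brand, email.lower()) not in suppressions
```

Because the brand is inside the signed payload, changing either the recipient or the brand invalidates the tag, so a link cannot be edited to unsubscribe a different address or to affect another brand's list.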

Built-in

DSAR support

The admin panel includes DSAR tooling. You can search for a contact by email, export all data held about them, or delete them permanently from the system. Erasure tombstones prevent reimport.

Automatic

Audit trail

All sends, bounces, complaints, suppressions and unsubscribes are logged with timestamps. The full audit trail is available via the analytics dashboard and API.

On request

Data Processing Agreement

A DPA is available to all business customers on request. Infotech Pioneers Oy acts as your data processor under Article 28 GDPR. Contact support@nexuspromail.com.

In progress

EU-oriented data governance

NexusProMail is operated by Infotech Pioneers Oy, a Finnish company subject to EU law. Infrastructure migration to eu-west-1 (Ireland) is planned for Q3 2026. A DPA is available covering current arrangements.

Everything You Need for GDPR-Compliant Email

  • Suppression list enforcement
  • HMAC-signed unsubscribe links
  • DSAR management tools
  • Erasure tombstones
  • Contact consent state tracking
  • Bounce + complaint auto-suppression
  • Full send audit log
  • Brand-scoped unsubscribes
  • DPA on request
  • Finnish company, EU law
  • Planned EU infrastructure migration
  • Rate limiting + IP whitelist

Frequently Asked Questions

Is NexusProMail GDPR-compliant?
Yes. NexusProMail is operated by Infotech Pioneers Oy, a Finnish company subject to EU law. The platform includes consent tracking, suppression list management, per-recipient signed unsubscribes, DSAR tooling and a DPA available on request.

Where is email data stored?
NexusProMail infrastructure is hosted on AWS with GDPR-focused data processing controls. Migration to eu-west-1 (Ireland) is planned for Q3 2026. A Data Processing Agreement is available for all business customers.

Can I manage email consent inside NexusProMail?
Yes. The platform records consent at the contact level, supports suppression lists that prevent sending to opted-out contacts, and generates signed unsubscribe links that are brand-scoped and tamper-proof.

Does NexusProMail support the right to erasure?
Yes. DSAR (Data Subject Access Request) management is built in. You can locate, export or delete all data associated with a contact to meet erasure requests under Article 17 of GDPR.

Is a Data Processing Agreement available?
Yes. A DPA is available to all business customers. Contact support@nexuspromail.com to request it.

What happens to bounced or complained addresses?
NexusProMail automatically adds hard-bounced and complained addresses to your suppression list. The system checks suppression before every send, so you cannot accidentally email a suppressed contact.
