Privacy Policy

Last updated: 07/09/2025

1. Data Controller

This Privacy Policy regulates the processing of personal data carried out by LegallyMail (hereinafter, "LegallyMail"), belonging to Cowabi Ltd, with Company Number: 10092807 and registered office at 85 Great Portland Street, First Floor, London W1W 7LT, which acts as data controller.

You can contact our Data Protection Officer at: dpo@legallymail.com

2. Information Collected

LegallyMail collects and processes the following types of personal data:

2.1. Data provided directly by the user:

  • Registration data: Name, surname, email, password, phone and billing data.
  • Service usage data: Recipient email addresses, message content, attachments and generated certificates.
  • Billing data: Payment information (processed by our payment service providers), postal address, Tax ID/VAT.
  • Communications: Information provided in messages sent to our customer service or contact forms.

2.2. Data collected automatically:

  • Technical data: IP address, browser type, device, operating system, unique device identifiers, browsing data, language preferences.
  • Usage data: Statistics about service usage, access frequency, pages visited, interactions with the platform.
  • Cookies and similar technologies: Information collected through cookies and similar technologies, as detailed in our Cookie Policy.

3. Processing Purposes and Legal Basis

We process personal data for the following purposes:

Purpose Legal Basis Retention
Provision of certified email service
User registration, sending certified emails, managing evidence and certifications, and customer service. 		Performance of service provision contract. During the validity of the contractual relationship and subsequently during applicable limitation periods.
Payment and billing management
Payment processing, billing, accounting and tax management. 		Contract performance and compliance with legal obligations. During legal retention periods established in tax and accounting regulations (generally 6 years).
Service-related communications
Sending technical notifications, updates, security alerts and administrative information. 		Legitimate interest in keeping users informed about essential aspects of the service. During the validity of the contractual relationship.
Marketing and commercial communications
Sending commercial information about our services, offers and promotions. 		Consent of the data subject, which can be withdrawn at any time. Until unsubscription is requested or consent is withdrawn.
Service improvement
Usage analysis, statistics, satisfaction studies and development of new features. 		Legitimate interest in improving our services and user experience. Data will be anonymized when no longer necessary for this purpose.
Security and fraud prevention
Protection against unauthorized access, fraud and illegal activities. 		Legitimate interest in ensuring the security of our systems and users. During the time necessary to ensure security and subsequently during limitation periods for possible liabilities.

4. Data Recipients

LegallyMail may share personal information with the following categories of recipients:

  • Service providers: Companies that provide us with services necessary for the operation of the platform, such as payment service providers, cloud storage, email services, data analytics and customer service. All these providers are contractually bound to protect your data and can only use it for the specific purposes we entrust to them.
  • Public authorities: When required by law, court order or applicable regulation, or to protect our legal rights or those of third parties.
  • Email recipients: Contact data and message content will be shared with recipients of certified emails sent by you.
  • Third parties in case of corporate operations: In case of merger, acquisition or asset sale, data may be transferred to the resulting entity, always ensuring the same levels of protection.

5. International Data Transfers

Some of our service providers may be located in countries outside the European Economic Area (EEA) that do not provide an equivalent level of data protection. In these cases, we implement adequate safeguards to ensure the protection of your data, such as signing standard contractual clauses approved by the European Commission or adherence to the EU-US Privacy Shield.

You can request detailed information about these transfers and the safeguards applied by contacting our Data Protection Officer.

6. Data Subject Rights

In accordance with data protection regulations, you can exercise the following rights:

  • Access: Obtain confirmation about whether we are processing your personal data and, if so, access them.
  • Rectification: Request the correction of inaccurate or incomplete data.
  • Erasure: Request the deletion of your data when they are no longer necessary for the purposes for which they were collected, among other reasons.
  • Restriction: Request the restriction of processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, commonly used and machine-readable format, and transmit them to another data controller.
  • Objection: Object to the processing of your data for certain purposes, such as direct marketing.
  • Withdrawal of consent: Withdraw the consent given at any time.

You can exercise these rights by sending a request to our Data Protection Officer (dpo@legallymail.com) or to the postal address indicated above, attaching a copy of your identity document to verify your identity.

You also have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that your rights have been violated.

7. Data Security

LegallyMail implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration or accidental destruction, ensuring an adequate level of security to the risk. These measures include:

  • Data encryption in transit and at rest
  • Strict access controls based on the need-to-know principle
  • Continuous monitoring of our systems to detect vulnerabilities
  • Regular backups
  • Regular staff training on security and data protection
  • Regular privacy impact assessments

Despite these measures, no data transmission over the Internet or storage system can be guaranteed as 100% secure. If you have reason to believe that your interaction with us has ceased to be secure, please notify us immediately.

8. Data Retention

We retain personal data only for the time necessary to fulfill the purposes for which they were collected, including compliance with legal, accounting or reporting requirements.

Certificates and digital evidence are retained for a minimum period of 5 years, in accordance with applicable legislation, or for the time necessary for the formulation, exercise or defense of claims.

To determine the appropriate retention period, we consider the amount, nature and sensitivity of personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and whether we can achieve those purposes by other means, as well as applicable legal requirements.

9. Use by Minors

Our services are not directed to persons under 18 years of age and we do not knowingly collect personal data from persons under 18 years of age. If you become aware that a minor has provided us with personal data, contact us and we will take the necessary steps to delete the information and deactivate the account.

10. Links to Third-Party Sites

Our platform may contain links to third-party websites. This Privacy Policy does not apply to those sites, so we recommend that you read the privacy policies of any website you visit.

11. Changes to the Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our information practices or to comply with legal obligations. The updated version will be published on our platform with the revised "last updated" date. We recommend that you review this Policy periodically.

Significant changes will be notified through a visible notice on our platform or by direct email to affected users.

12. Contact

If you have questions, comments or requests related to this Privacy Policy or the processing of your personal data, contact our Data Protection Officer:

  • Email: dpo@legallymail.com
  • Postal address: 85 Great Portland Street, First Floor, London W1W 7LT

We will handle all requests for information, access, rectification or deletion of personal data in accordance with applicable legislation.

Real-Time