GDPR Compliance

Effective Date: April 05, 2026

1. Overview

TM Next is fully committed to complying with the General Data Protection Regulation (GDPR). This document outlines how we process, handle, and protect data for users residing in the European Economic Area (EEA), reflecting our uncompromising approach to digital privacy.

2. Your Rights Under GDPR

As a European user, you are entitled to specific rights regarding your personal information:

  • Right to Access: You can request information about the data we hold on you (which is strictly limited to active session cookies and ephemeral logs).
  • Right to Erasure ("Right to be Forgotten"): Our architecture automatically enforces this right. Your generated emails and session data are permanently destroyed from our servers shortly after receipt (typically within 2 hours).
  • Right to Rectification: Because we do not require registration or collect personally identifiable information (PII) such as names or addresses, there is inherently no personal data to correct.

3. Principle of Data Minimization

We rigorously adhere to the GDPR principle of "Data Minimization". We strictly collect only the absolute minimum telemetry required for the core service to operate:

  • We do not require user registration for standard access.
  • We do not ask for, or process, personally identifiable information (PII).
  • IP addresses are not stored permanently in our databases; they are only temporarily assessed by our automated firewall to prevent volumetric attacks.

4. Cookie Consent & Management

We utilize a Consent Management Platform (CMP) to govern the use of cookies. You retain the right to accept or reject non-essential cookies. Essential cookies, which are strictly required to maintain your active inbox session securely, are exempt from explicit consent under GDPR but are fully disclosed in our Privacy Policy.

5. International Data Transfers

Our infrastructure spans globally, meaning our servers may be located outside the EEA. We guarantee that any cross-border data transfer complies with standard contractual clauses and maintains the highest security standards, including mandatory end-to-end SSL/TLS encryption for all transit data.

6. Contact the Data Protection Officer

If you have specific GDPR-related inquiries or wish to formally exercise your data rights, please contact our Data Protection Officer directly at: [email protected]