Last updated: May 20, 2026
This GDPR Privacy Notice supplements our main Privacy Policy and applies to individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. It describes how Zerminum processes your personal data under the General Data Protection Regulation (GDPR) and equivalent laws, and explains the additional rights you hold as a data subject in these regions.
We process your personal data only where we have a lawful basis under GDPR Art. 6:
Processing necessary to provide the Service you have subscribed to, including account management, inbox provisioning, and subscription billing.
Processing for fraud prevention, security monitoring, and analytics. We have conducted a balancing test and determined these interests are not overridden by your rights where we apply appropriate safeguards.
Processing required to comply with applicable law, court orders, or lawful requests from competent authorities.
| Data Type | Retention Period |
|---|---|
| Account data (email, name) | Until account deletion + 30 days |
| Inbox email content (Free) | 1 hour after creation |
| Inbox email content (Pro) | 24 hours after creation |
| Billing records (Stripe) | 7 years (legal / tax requirement) |
| Server logs | 30 days (rolling) |
| Analytics data (PostHog) | 12 months |
Holmnium is operated from the United States. If you access the Service from the EEA, UK, or Switzerland, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction.
Where we transfer personal data internationally, we rely on:
You may request a copy of our transfer safeguards by contacting privacy@holmnium.cc.
Under the GDPR, you have the following rights with respect to your personal data:
Request a copy of the personal data we hold about you and information about how it is processed.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data (the 'right to be forgotten'), subject to legal retention obligations.
Request that we restrict processing of your data while a dispute about accuracy is resolved or an objection is pending.
Receive your personal data in a structured, machine-readable format and transmit it to another controller.
Object to processing based on legitimate interests, including profiling. We will stop unless we can demonstrate compelling legitimate grounds.
Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Lodge a complaint with your local data protection authority (DPA) if you believe your rights have been violated.
To exercise any of these rights, contact us at privacy@holmnium.cc. We will respond within 30 days. We may ask you to verify your identity before processing your request.
If you process personal data through Holmnium on behalf of others (e.g., as part of a business or SaaS product), you may need a Data Processing Agreement (DPA) with us. To request a DPA, contact privacy@holmnium.cc.
If you are located in the EU/EEA and believe we have infringed your GDPR rights, you have the right to lodge a complaint with the supervisory authority in your country of residence. A directory of EU DPAs is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.
© 2026 Holmnium · Zerminum