General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)


The General Data Protection Regulation (GDPR) is the new European data protection regulation adopted by the EU Commission. It replaces the EU Data Protection Directive, also known as Directive 95/46/EC.

The GDPR became effective on May 25, 2018.  Any organization that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.

In this page, we will provide information about what have we done at WorldPosta to be ready for GDPR and the other services we offer to our users.

The GDPR applies to both individuals and businesses and regulates the way in which personal data of citizens in the European Union should be handled.



Personal Data Collection


We at WorldPosta have always believed in the importance of the privacy and how data and user should never be violated, hence, we welcome the enforcement of GDPR.

As mentioned to our users, we never serve ads, we have never collected our user’s personal data and information. At every point where we get the user information, we clearly state the purpose of the data and how it will be used.


Data security

Every layer of WorldPosta mail and other services has security built into it, in particular, we have proved our commitment to data privacy and protection by meeting the industry standards for ISO 27001, and SOC 2 Type 2.

WorldPosta datacenters are located in the most secure data centers around the world, as a part of the GDPR compliance process, we use data centers from Amazon AWS and Google GCP to ensure the highest security to it.


Data Encryption

The Data transmissions when using WorldPosta Mail and other services via POP/ IMAP/ SMTP are encrypted using Transport Layer Security (TLS) protocol. We also use the latest and secure ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for encryption. These ensure that your data is protected from unauthorized access, disclosure or modification. All data transfers in web happen in secure mode (https).


The service data stored in WorldPosta Mail and other services are Encrypted At Rest(EAR). All the data are encrypted in transit also. We believe our highly secure physical controls at data centers and transit level encryption ensures that your data stays well protected.


Data Access

Each and every user can access only the email account exclusively created for him/ her. When the user is a part of groups, created by the admins, the user gets to access the emails sent to the group which can be controlled by the administrator using the moderation settings for the groups. Apart from that, when the user gets some emails or folders explicitly shared with him/ her, the user gets access to that data, until the owner allows him/ her to do so.


Data Rectification

Users can edit their personal information in their profile, except the email address provided by the administrator. The organization administrator has permissions to add email aliases or remove aliases or change the primary email address of the user.


Data Deletion

We have appropriate features in the web interface to allow the user to delete his/ her data. You can delete your email data using the Delete option. When you delete the users, the data associated with the user will be scheduled for deletion and will be deleted within 30 days of actual user deletion.


Data Portability

WorldPosta mail and other services provide a feature to export email data from your account. The exported emails are presented in.CSV format. The administrator can export the data of users in the organization or the users can export themselves. The administrator can control whether the data can be exported by the user or not.


Data Retention

When you delete emails they are moved to Trash. The files in Trash can be restored until they are automatically cleaned up by the system. The data retention period is up to 60 days depending on your pricing plan, after that the emails will be permanently deleted.


Data Disclosure

Data Disclosure is the level of access within the service, where only authorized users can access, alter or delete service data. In the organization set up, the administrator has permissions to change some parts of user data like names, profile images etc. Similarly being the administrator the person can delete the user, add them to groups or remove them from groups, create/ remove aliases, set up mail policies and export user data for backup or compliance purposes.


Audit logs

Data audits help you to secure the system and monitor the Organization administration related activity performed in the Control Panel or usage trend of the Control Panel. The administrator activity logs record the actions by the administrator in the Control Panel and will offer information about various activities in the control.