Legal

Compliance

Last updated: 10 November 2025

TempusMail is committed to maintaining the highest standards of compliance with applicable laws, regulations, and industry standards to protect our users and their data.

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA). Our GDPR compliance includes:

  • Lawful basis for data processing
  • Data minimization and purpose limitation
  • Transparent privacy practices
  • User rights (access, rectification, erasure, portability)
  • Data breach notification procedures
  • Data Protection Impact Assessments (DPIAs)
  • Privacy by design and default

For more information, see our GDPR Compliance page.

Payment Processor Compliance

PayPal

We use PayPal as one of our payment processors. PayPal is PCI DSS Level 1 compliant and adheres to strict security standards. When you make a payment through PayPal:

  • Your payment information is processed securely by PayPal
  • We do not store your credit card or bank account details
  • Transactions are encrypted and protected
  • PayPal's User Agreement and Privacy Policy apply

NowPayments (Cryptocurrency)

For cryptocurrency payments, we use NowPayments. NowPayments complies with:

  • AML (Anti-Money Laundering) regulations
  • KYC (Know Your Customer) requirements where applicable
  • Secure blockchain transaction processing
  • Privacy-focused cryptocurrency payments

Zoho Payments

Zoho Payments is our additional payment gateway, complying with:

  • PCI DSS (Payment Card Industry Data Security Standard)
  • Bank-grade security and encryption
  • Secure tokenization of payment information
  • Compliance with regional payment regulations

Data Security Standards

We implement industry-standard security measures to protect your data:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access control (RBAC) and principle of least privilege
  • Authentication: Multi-factor authentication (MFA) support
  • Monitoring: 24/7 security monitoring and threat detection
  • Audits: Regular security audits and penetration testing
  • Incident Response: Comprehensive incident response and disaster recovery plans

International Data Transfers

We ensure that international data transfers comply with applicable regulations through:

  • Standard Contractual Clauses (SCCs) approved by regulatory authorities
  • Data Processing Agreements (DPAs) with service providers
  • Adequate safeguards for cross-border data transfers
  • Compliance with local data protection laws

Email Security Standards

Our email infrastructure complies with industry best practices:

  • SPF (Sender Policy Framework): Prevents email spoofing
  • DKIM (DomainKeys Identified Mail): Email authentication and integrity
  • DMARC: Email authentication and reporting
  • TLS: Encrypted email transmission
  • Spam Filtering: Advanced spam and malware protection

Accessibility Compliance

We strive to make our services accessible to all users, following WCAG 2.1 guidelines and ensuring our platform is usable by people with disabilities.

Regular Compliance Reviews

We conduct regular reviews of our compliance practices, including:

  • Quarterly security assessments
  • Annual privacy policy reviews
  • Continuous monitoring of regulatory changes
  • Staff training on compliance and security

Compliance Inquiries

For questions about our compliance practices or to report a security concern, please contact:

← Back to Home