Brew believes strongly in protecting your data and strives to support your organization in complying with all privacy-related regulation including GDPR.
1. Introduction
The General Data Protection Regulation (GDPR) is a data privacy law that regulates the use of EU resident personal data, providing individuals rights to exercise control over their data and requiring organizations that process personal data to meet certain obligations.2. Roles
For email recipients’ data you upload to Brew, you are the controller and Brew is the processor. For Brew’s own site visitors, account/profile, billing, security logs, and similar data, Brew acts as a controller. See the Privacy Policy and the DPA.
3. Processor terms
When we process on your behalf, our Data Protection Addendum governs (data‑subject assistance, subprocessors, security, audits, deletion/return, cross‑border transfers/SCCs).4. Data minimization & restrictions
Only send what you need. Do not upload special categories of personal data or children’s data unless allowed by law and covered by written instructions and safeguards in our Data Protection Addendum. See our Acceptable Use Policy.5. Data Portability & Management
- Import: We provide tools to import your data a number of ways. This includes via CSV upload, syncing via outside integration, website signup forms, API, or manual input.
- Export: Brew allows you to easily export your data at any time from the same place you can import your data (the Audience section). We do not believe in ‘vendor lock-in’ as a business strategy, and do not make it difficult to switch to another platform.
- Account deletion: Your account and all data can be deleted at any time. Backups are deleted in the ordinary course of our backup rotation. To delete your account, please email support@brew.new.
- Account settings: We provide tools to manage any personal information associated with account and workspace settings, such as name, members, allowed email domains, and more from our settings.
6. Data Security
We utilize industry-standard protections to keep your data safe, including TLS for data in transit and AES-256 for data at rest, along with appropriate anonymization where applicable. However, no internet-connected service can ever be 100% secure. In the event of a future data breach, in accordance with GDPR we have protocols for promptly notifying any affected parties.7. Data subject rights (GDPR/UK GDPR)
If you received an email sent via Brew by our customer: contact the sender (our customer). They are the controller and must respond to GDPR requests. We assist them under our Data Protection Addendum. If your request concerns data for which Brew is the controller (e.g., account, billing, site usage), email legal@brew.new. We may need to verify your identity. You can also lodge a complaint with your local supervisory authority.8. International data transfers
We primarily process data in the United States. Where cross‑border transfer safeguards are required, we rely on appropriate mechanisms. See our Data Protection Addendum for details. Brew currently relies on the EU Standard Contractual Clauses (SCCs) (and the UK Addendum/Swiss equivalents) for cross‑border transfers. If Brew later self‑certifies to the DPF, we will update this page.9. Contact
You can contact us at legal@brew.new or by mail at: Brew Emails Inc.2248 Broadway 1933
New York, NY 10024