FrozenSpam
FR Start for €1

Privacy policy

Version 1.0 — Effective May 24, 2026.

For a concrete, plain-language explanation of our privacy approach, see the Privacy page. This document is the GDPR-compliant legal formalization.

1. Data controller

V-Softs, represented by Emmanuel Daunizeau, Paris 75013, France. DPO email: the contact form.

2. Processing purposes

  • Provide the FrozenSpam anti-spam service (MX filtering, challenge-response, dashboard).
  • Bill and manage the customer account (via ACME SAS, distributor).
  • Respond to contact / support requests.
  • Improve the service (aggregate and anonymous analysis).

3. Legal basis

Contract execution (Terms + Sales Terms). No processing based on advertising consent — no commercial profiling.

4. Data collected

  • Account: name, email, domain, phone (optional), Argon2id-hashed password.
  • Mail processing: headers (sender, subject, date), engine result (pass / challenge / drop), 90-day retention.
  • Original quarantine mail: encrypted, stored max 30 days then purge.
  • Technical logs: Caddy 90 days, Postfix 90 days, dashboard 30 days.

5. Data NOT collected

  • Mail content beyond the quarantine window.
  • Advertising or behavioral profiling.
  • Data transmitted to commercial third parties.

6. Storage location

France exclusively. Bare metal OVH (Roubaix), ISO 27001 and HDS-certified datacenters. No transfer outside the EU.

7. Subprocessors

  • OVH SAS (hosting, France) — GDPR subprocessor.
  • Let's Encrypt (TLS certificates) — no personal data transmitted.
  • ACME SAS (distributor, billing) — inter-entity DPA.

8. Retention duration

See detailed table on privacy. Summary: technical data 90 days, original quarantine mail 30 days max, account data while active + 30 days post-cancellation purge.

9. Your rights

Right of access, rectification, erasure, portability, objection, restriction. Response time: 72 business hours. Contact: the contact form.

Recourse possible with CNIL (www.cnil.fr/en) in case of disagreement.

10. Cookies

The frozenspam.com site uses only strictly necessary cookies (session, CSRF). No advertising cookies, no third-party trackers by default. If Microsoft Clarity is one day activated (heatmap), it will be opt-in via explicit banner.

11. DPA (Data Processing Agreement)

Standard FrozenSpam DPA provided on request. Custom DPA available for Volume plans. Request: the contact form.

12. Security

  • HTTPS mandatory (HSTS).
  • Passwords hashed Argon2id (one-way).
  • Quarantine stored encrypted.
  • Restricted admin access (SSH keys, fail2ban).
  • Encrypted daily backups.

13. Modification

Any substantial modification is notified by email with 30 days' notice. Previous version retained on request.