Privacy Policy

This Policy describes the principles of processing Personal Data that is submitted to Touchpoint or that otherwise becomes available to Touchpoint in connection with the use by the Clients and other users of the Website, Software, and Service.

This Policy is an agreement between the Clients and Touchpoint, which states how Personal Data submitted by the Clients is processed by Touchpoint on behalf of the Clients.

Please read this Policy carefully to understand the practices that Touchpoint applies regarding processing of Personal Data.

This Policy constitutes an integral part of the agreement entered into between the Clients and Touchpoint. By viewing the Website and/or using the Software and Service, the Clients confirm that they have familiarized themselves with this Policy, understood it, and agree to its terms.

This Policy also constitutes a data processing agreement between the Clients (as Controllers of Personal Data) and Touchpoint (as Processor of Personal Data) in the meaning of article 28 of GDPR (General Data Protection Regulation (EU) No 2016/679 of the European Parliament and Council).

Touchpoint shall be entitled to unilaterally review and amend this Policy from time to time. Therefore, Touchpoint advises to periodically review the Policy in the case of any changes to it. Continued use of the Website, Software, and Service means the consent to any such changes.

If the Client or other users do not agree with any or all terms of this Policy or any possible changes to it, then they should immediately close the Website and cease using the Software and Service.

  • Definitions

    • Client(s) means a legal entity that registers for and uses the Touchpoint Service provided by Touchpoint.
    • Content means email templates and related material (including HTML or text) created or uploaded by the Client while using the Service, which may in rare cases contain personal data.
    • Data Subjects means all natural persons, whose personal data is submitted to Touchpoint by the Clients or by the natural persons directly in connection with using the Website, Software, and the Service
    • GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
    • Policy means this privacy policy of Touchpoint as amended from time to time.
    • DPA means the data processing agreement between Touchpoint and the Client incorporated into this Policy.
    • EU Standard Contractual Clausesmeans (i) the standard contractual clauses adopted by the European Commission on 4th June 2021 for the transfer of Personal Data to third countries pursuant to the GDPR; or (ii) such other standard contractual clauses that are approved by the European Commission for Controller to Processor transfers of Personal Data to a third country which has not received an Adequacy Decision.
    • Personal Datameans (i) the standard contractual clauses adopted by the European Commission on 4th June 2021 for the transfer of Personal Data to third countries pursuant to the GDPR; or (ii) such other standard contractual clauses that are approved by the European Commission for Controller to Processor transfers of Personal Data to a third country which has not received an Adequacy Decision.
    • Processingmeans any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    • Controllermeans the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
    • Processormeans a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
    • Transfermeans (i) a transfer of Personal Data from the Client to Touchpoint; or (ii) an onward transfer of Personal Data from Touchpoint to a subcontracted Processor or between two establishments of Touchpoint.
    • Servicemeans the suite of online tools provided by Touchpoint for creating and exporting HTML email templates for marketing purposes, which includes AI functionalities powered by third-party providers.
    • Touchpointmeans Textmagic AS, a private limited company registered in Estonia (registry code 16211377), providing the Touchpoint Service.
    • Websitemeans the Touchpoint website www.touchpoint.com through which the Service is accessed.
  • Scope of Data Processing

    • Touchpoint is a web-based platform for generating email templates. The Service is not designed for the processing or long-term storage of personal data. Touchpoint does not actively collect or store personal data through the Service, except in the limited instances described below.
    • We act as a data Processor in relation to personal data submitted by Clients when using the Service. Clients as the Controllers are responsible for ensuring that such data has been collected and is processed in accordance with applicable laws, including having a legal basis and providing notice to data subjects.
  • What Personal Data Do We Process?

    • We may process the following categories of personal data in connection with the Touchpoint Service:
      • Client user account data– If you register for the Service, we may collect your company name, business email address, and billing information for account setup and administration.
      • Recipient data (optional and Client-provided)– – Clients may enter or include email addresses of recipients as part of template content. This data is processed solely on the Client’s initiative and is not required for using the Service. The Client is acting as data Controller with regard to any recipient data.
      • Content data (if applicable)– Clients may include names or other identifiers in template text fields. This data is stored temporarily and not actively accessed by Touchpoint.
      • Technical and usage data– We collect usage logs, browser type, IP address, device data, and other metadata to monitor access, security and improve functionality.
  • Objectives of Processing of Personal Data

    • Touchpoint processes the Personal Data upon:
      • Usage of the Software and Service by the Clients, including when they submit to Touchpoint information about their clients (Touchpoint is acting as Processor);
      • Communication between Clients and/or Data Subjects and customer support of Touchpoint in connection with the Website, Software, and Service (Touchpoint is acting as Controller).
    • Touchpoint works closely with third parties (including, for example, business partners, information service providers such as AI service providers, email delivery providers, sub-contractors in technical, payment, and delivery Service, advertising networks, analytics providers, search information providers, credit reference agencies, large language model providers) and may receive Personal Data from them or submit the Client’s Personal Data to them for the purposes of providing the Service and performing the contracts entered into with the Clients.
    • Touchpoint sends messages to the Clients by electronic means (e-mail or SMS) with information about improvements to the Website, Software and Service, new proposals, and developments (direct marketing). Touchpoint sends such messages to the contact details provided by representatives of the Clients at the moment of registration or updated later. The Clients confirm hereby and guarantee that contact details provided by representatives of the Clients are at all times company details of the Clients, but not personal contact details of representatives and therefore Touchpoint can use such contact details freely to send its marketing messages without any additional obstacles. The Clients may at any time unsubscribe from the newsletters by clicking on the corresponding specific link contained in each newsletter.
  • Legal Basis for Processing

    • Touchpoint processes personal data as both a data Controller and a data Processor. When Touchpoint collects and processes Personal Data for its own purposes (e.g., for account management or analytics), it acts as a data Controller. When Touchpoint processes personal data provided by Clients in connection with the Content created using the Service, it acts as a data Processor, and the Client remains the data Controller.
    • The legal bases relied upon by Touchpoint for processing personal data under the GDPR include:
      • Article 6(1)(b) GDPR – Performance of a contract:Processing is necessary for the performance of a contract to which the Client is a party, or in order to take steps at the request of the Client prior to entering into a contract. This includes processing required to provide the Service, manage user accounts, and deliver support.
      • Article 6(1)(c) GDPR – Compliance with a legal obligation:Processing is necessary for compliance with legal obligations to which Touchpoint is subject, including obligations related to taxation, accounting, fraud prevention, and responding to legal requests from competent authorities.
      • Article 6(1)(f) GDPR – Legitimate interests:Processing is necessary for the purposes of the legitimate interests pursued by Touchpoint, such as improving the functionality of the Service, ensuring network and information security, and preventing abuse. These interests are balanced against the rights and freedoms of the data subjects.
      • Article 6(1)(a) GDPR – Consent:Where required, processing is based on the data subject’s consent, for example in relation to cookies, marketing, or the processing of optional information provided voluntarily. Consent may be withdrawn at any time without affecting the lawfulness of processing prior to its withdrawal.
    • Where Touchpoint acts as a data Processor on behalf of the Client, the Client is solely responsible for determining the applicable legal basis for processing and for complying with relevant data protection obligations as the data Controller.

  • Data Transfers and Access

    • We restrict access to personal data to those who need it for service delivery and support, and limit transfers to third parties to what is strictly necessary for providing the Service. These transfers may include:
      • Third-party service providers,such as hosting Service, payment Processors, analytics tools, and AI platforms (e.g., Claude API), who process data under our instruction and based on appropriate contracts;
      • Public authorities,where required by applicable law, regulation, or binding legal process.
    • All third-party access is governed by appropriate data processing agreements that ensure such parties only process personal data in accordance with our instructions and applicable data protection laws.

    • Touchpoint does not sell or otherwise disclose personal data to unauthorised third parties. Any transfers carried out in the context of the Touchpoint Service remain limited, purpose-bound, and appropriately safeguarded.

  • International Data Transfers

    • Touchpoint operates within the EEA and does not, in the normal course of providing the Touchpoint Service, transfer personal data to third parties or to countries outside the EEA. Any incidental data transfers that may occur through use of subProcessors (such as cloud hosting or AI service providers) are subject to appropriate safeguards.
    • here such transfers are necessary, we ensure adequate protection of personal data through one or more of the following mechanisms:
      • EU Standard Contractual Clauses (SCCs);
      • Transfers to countries with European Commission adequacy decisions;
      • their lawful mechanisms compliant with the GDPR.
    • It remains the Client’s responsibility, as the data Controller, to ensure that any personal data included in Content is lawfully collected, transferred, and processed in accordance with applicable laws. This includes ensuring that appropriate data subject notices and consents are in place when required.

  • Data Retention

    • We retain personal data only for as long as necessary to fulfil the purposes described in this Policy or as required by law.
    • Personal data embedded in templates or provided through usage is stored temporarily for a maximum of 60 days and then deleted according to automated retention settings. Account-related data may be stored longer for tax or audit purposes.
    • In case of closing an account, the Clients must accept the deletion of account data and Content.
  • In case of closing an account, the Clients must accept the deletion of account data and Content.
  • Data Security

    • We use appropriate technical and organisational safeguards to protect your data. Measures include:
      • Role-based access control and employee training;
      • Data encryption during storage and transmission;
      • Secure authentication and logging;
      • Incident detection and response procedures.
    • Although we apply industry-standard protections, no system is completely immune from risks. Clients are responsible for securing their account credentials.

  • Your Rights

    • As a data subject, you have the following rights under applicable data protection laws, including the GDPR:
      • Right of access – You have the right to obtain confirmation as to whether or not your personal data is being processed, and, if so, access to that data and information about the processing.
      • Right to rectification – You have the right to request correction of inaccurate or incomplete personal data.
      • Right to erasure – In certain cases, you may request that we delete your personal data (also known as the "right to be forgotten").
      • Right to restriction of processing – You may request that we restrict the processing of your personal data under certain conditions.
      • Right to data portability – You may request to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another Controller.
      • Right to object – You may object to the processing of your personal data when it is based on legitimate interests or used for direct marketing purposes.
      • Right to withdraw consent– Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
      • Right to lodge a complaint– – You have the right to file a complaint with a data protection supervisory authority, particularly in the Member State of your residence, place of work, or where the alleged infringement took place.
    • To exercise any of your rights or if you have questions regarding your personal data, you may contact us at: [email protected]. We will respond in accordance with applicable legal requirements and within the time limits established by law.

  • Cookies

    • For information about our use of cookies, please refer to the "Use of Cookies" section in the Touchpoint Terms of Service.
  • Changes to This Policy

    • We may update this Policy from time to time. Updates will be published on our Website with a new revision date. We encourage users to review it regularly.
  • Contact Information

    • Should you have any questions regarding this Policy or the processing of Personal Data, you are welcome to contact Touchpoint with all such requests, inquiries or any complaints via e-mail: [email protected].

UPDATED: 20 May 2025

© 2025 TouchpointAll Rights Reserved