Last updated: 08.31.2025.

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between AtrioSolutions LLC (“AtrioMail”, “we”, “our”, “us”) and the customer (“Controller”, “you”, “your”) who uses AtrioMail services through atriomail.com, system.atriomail.com, and any other subdomains operated by AtrioSolutions LLC.

This DPA reflects the parties’ agreement regarding the processing of personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

---

1. Roles and Responsibilities

• The Customer is the Data Controller and determines the purpose and means of processing personal data.
• AtrioSolutions LLC is the Data Processor and processes personal data only on documented instructions from the Controller.

---

2. Subject Matter of Processing

AtrioMail provides email hosting and related services. The processing of personal data may include:

• Creation and management of email accounts.
• Transmission and storage of email data.
• Logging for security, analytics, and error monitoring.
• Billing and payment processing.

---

3. Duration of Processing

Processing begins when the Controller registers for AtrioMail services and continues until the account is terminated. Upon termination, all personal data is deleted immediately, except where retention is required by law (e.g., billing records).

---

4. Types of Personal Data

The personal data processed may include:

• Customer account details (name, email address, company, billing information).
• End-user data within email accounts (email addresses, communication content).
• Technical data (IP addresses, logs, device information).

---

5. Data Subject Categories

• The Controller’s employees, contractors, or customers who use AtrioMail email accounts.

---

6. Obligations of AtrioSolutions LLC

AtrioMail shall:

1. Process personal data only on documented instructions from the Controller.
2. Ensure confidentiality of persons authorized to process personal data.
3. Implement appropriate technical and organizational measures for security.
4. Assist the Controller in fulfilling GDPR obligations, including data subject rights requests.
5. Notify the Controller without undue delay in the event of a personal data breach.
6. Delete or return all personal data upon termination of services.
7. Make available information necessary to demonstrate compliance.

---

7. Sub-Processors

The Controller authorizes AtrioMail to engage the following sub-processors:

• Hetzner Online GmbH (EU) – hosting infrastructure
• Amazon Web Services SES (EU) – email delivery
• Sentry (EU) – error logging
• Posthog (EU) – analytics
• Stripe, Inc. (US/EU) – payment processing

AtrioMail shall ensure that sub-processors are bound by written agreements that meet GDPR standards.

---

8. International Transfers

Although AtrioSolutions LLC is incorporated in the United States, personal data is primarily processed within the European Union.
Where data is transferred outside the EU, AtrioMail uses safeguards such as the European Commission’s Standard Contractual Clauses (SCCs).

---

9. Controller Obligations

The Controller is responsible for:

• Ensuring that data subjects’ personal data is collected lawfully.
• Providing necessary notices and obtaining consent where required.
• Maintaining the accuracy of data submitted to AtrioMail.

---

10. Governing Law

This DPA is governed by the laws of the State of Delaware, United States.
For EU customers, AtrioMail complies with GDPR requirements for processing personal data.

---

11. Contact

Questions regarding this DPA should be directed to:

AtrioSolutions LLC
131 Continental Dr, Suite 305
Newark, DE 19713, United States
Phone: +1 (302) 520 3708
Email: [email protected]