MassMailer is a native Salesforce Email solution that uses the SendGrid Email platform to send emails. MassMailer does not store any data outside of Salesforce. MassMailer delivers emails to SendGrid to process. SendGrid stores the email activity for a maximum of 30 days before it deletes it. SendGrid does retain some information such as the suppression list, unsubscribes, bounces, spam reports.

SendGrid is GDPR compliant as of May 25, 2018. Please note that SendGrid does not – and does not currently have plans to – use servers or data centers in the European Union to process email. Thus, SendGrid cannot restrict data to the EU. However, neither the current EU law nor the GDPR requires this. SendGrid does offer a Data Processing Addendum (DPA) to provide such adequate safeguards, which includes provisions for when GDPR goes into effect.

More info on GDPR can be found here. SendGrid's DPA can be reviewed and signed by filling out the information here.

As the MassMailer app sends emails through SendGrid's Email API, this data is automatically deleted within 30 days. Please note that certain account information may be retained for legal and compliance purposes in accordance with the SendGrid Privacy Policy; SendGrid will protect the data from processing for any other purposes and will automatically delete it when no longer needed for those purposes.

The following is additional helpful documentation as well: