The best EU transactional email API: what to actually check
Every provider's marketing page says 'EU-friendly.' Here's the checklist for finding out whether that's true for your specific requirement, plus where Envello and the alternatives stand.
Where does data actually live?
"EU region available" and "EU by default" aren't the same claim. Ask whether the API, the database, the logs, and the backups all sit in the EU, or just the sending endpoint. Envello runs all four in the EU (SES eu-central-1, Hetzner Frankfurt and Nuremberg for everything else).
Is the DPA behind a sales call?
Some providers gate a signed DPA behind an enterprise plan or a sales conversation. Check whether you can get one on the tier you're actually going to pay for, including free. Envello ships a signed DPA on every plan.
Can the price move on you?
Per-email pricing is easy to compare; what happens after a repricing announcement isn't. Ask what notice period you get and whether existing customers are grandfathered. Envello locks your tier price for 24 months, with 6 months' notice and grandfathering before any change after that.
How long do logs actually stick around?
Debugging a bounce from a customer complaint three months old requires logs that are still there. Confirm the default retention on the tier you'd actually use, not the headline number on the highest plan. Envello: 7 days free, 90 days Pro, configurable up to 365 on Scale.
Where each provider stands
Provider specifics change; verify current details against each provider's own docs before deciding. Envello's row reflects what's live today.
| Provider | Data residency | DPA | Log retention |
|---|---|---|---|
| Envello | EU by default: API, DB, logs, backups | Signed on every plan, including free | 7 to 365 days, tier dependent |
| Resend | Check current region coverage against your compliance requirement | Check plan-level DPA availability | Check current retention window |
| Postmark | Check current region coverage against your compliance requirement | Check plan-level DPA availability | Check current retention window |
| SendGrid | Check current region coverage against your compliance requirement | Check plan-level DPA availability | Check current retention window |
| Mailgun | Has an EU sending region (api.eu.mailgun.net) | Check plan-level DPA availability | Check current retention window against your tier |
| Amazon SES | EU region available (eu-central-1 and others); no log search or suppression UI built in | Available directly through AWS | Raw SNS notifications, not a searchable log by default |
Before you pick one
Is "EU region available" enough for GDPR compliance?+
It depends on your specific requirement, and this isn't legal advice. Some teams need the sending endpoint in the EU; others need every system that touches personal data, including logs and backups, to stay there too. Check your own DPIA or ask your DPO which standard applies, then verify the provider meets that specific bar rather than the general claim.
Does a signed DPA on the free tier actually matter?+
If you're processing personal data (recipient emails count) as a processor for your own customers, you likely need a DPA in place before you go to production, not after you've outgrown the free tier and hit a sales call. Confirm this before building on a provider's free plan.
What's the honest tradeoff of calling SES directly instead of any wrapper?+
SES is cheaper on paper (AWS's per-email rate and nothing else) until you count the engineering time spent building a log viewer, bounce/complaint parsing, webhook retry logic, and suppression handling yourself. For most teams past a handful of email types, that build-and-maintain cost exceeds a managed layer's price within the first few months.