Product Update: Setting New Standards for Compliance and Security  

Sinch Email on Acid has been a longtime provider of industry leading email testing with the best email preview functionality in the industry, comprehensive testing, and deep analytics. And no matter if you’re a large-scale enterprise, or a small-scale freelancer, we have the technology you need to put your best email forward 100% of the time.

The same goes for security and compliance. We believe this is the foundation of our business and a driving factor for many leading brands. So, no matter what your goals and objectives are, you can rest assured that we have you covered.

The Chief Information Security Officer oversees the Information Security Program for Email on Acid. As with all our products, security is addressed with three broad areas:

• Overall corporate security and controls.
• The environment and application.
• The connections to the system.

The Sinch Email on Acid security program includes technical, operational and automated controls to provide a secure and available environment.

Account and user controls

In addition to our internal security controls, we also provide unique features that ensure further account and user security:

• Screenshot authentication – ensure every email preview link is both protected and secure with credential secured and time-rotated URLs.
• Two-factor authentication – User-level two factor authentication is enforced for all accounts.
• Customizable user permissions – Control permission at the user level to ensure proper access across the platform

The privacy of your data is important to us. That’s why among our other compliances and certifications, the in-app test data you generate will only be retained in our system for 90 days before it is permanently deleted. This ensures that your data footprint within our systems remains safe yet accessible. If you do need to save projects, you will have the opportunity to save select items that are used in your day-to-day email processes. Email analytics data will also be retained for longer than 90 days to ensure you have access to the information you need to maintain a successful email program. 

ISO 27001 is the leading international standard focused on information security. A certification with this standard shows competence that an information security program is in place:

• To protect customers through confidentiality, integrity, and availability attacks on data.
• That aligns with 140+ controls to identify, investigate, and act on potential security incidents, with annual risk assessments completed to ensure threats are handled appropriately.

ISO 27701 is similar to the ISO 27001, but takes into account data privacy in addition to Information Security. Our information security and privacy program are intertwined into one program, and this additional certification shows that Email on Acid has a privacy program in place that meets similar requirements to GDPR and is continuously improving. Email on Acid offers both certifications for all current products.

The SOC 2 Type I is an audit report given out annually that tests operational, security, availability, and confidentiality controls at a single point in time. This is a highly regulated audit that results in a professional opinion on the effectiveness of our system controls after rigorous testing. All reports can be found at https://security.mailgun.com.

GDPR is known by most to be the most comprehensive privacy law in the world. Our products abide by this privacy law, and combined with our ISO 27701, Privacy Policy, and Data Processing Agreement, Email on Acid customers can be sure that their data is treated appropriately. GDPR applies directly to data of people in the EU, but given the global reach of Email on Acid, we treat all data the same. Given the constant changing landscape of individual state privacy laws in the U.S. (NYDFS, CCPA, etc.), abiding by GDPR covers all customers well. For more information in our privacy program, please visit
https://mailgun.com/gdpr.