Trust us to protect your data and adhere to a rigid standard of excellence
ISO 27001 Certified
ISO 27001 is the leading international standard focused on information security. A certification with this standard shows competence that an information security program is in place:
- To protect customers through confidentiality, integrity, and availability attacks on data.
- That aligns with 140+ controls to identify, investigate, and act on potential security incidents, with annual risk assessments completed to ensure threats are handled appropriately.
ISO 27701 Certified
ISO 27701 is similar to the ISO 27001, but takes into account data privacy in addition to Information Security. Our information security and privacy program are intertwined into one program, and this additional certification shows that Email on Acid has a privacy program in place that meets similar requirements to GDPR and is continuously improving. Email on Acid offers both certifications for all current products.
SOC 2 Type I Compliant
The SOC 2 Type I is an audit report given out annually that tests operational, security, availability, and confidentiality controls at a single point in time. This is a highly regulated audit that results in a professional opinion on the effectiveness of our system controls after rigorous testing. All reports can be found at https://security.mailgun.com.
GDPR Compliant
GDPR is known by most to be the most comprehensive privacy law in the world. Our products abide by this privacy law, and combined with our ISO 27701, Privacy Policy, and Data Processing Agreement, Email on Acid customers can be sure that their data is treated appropriately. GDPR applies directly to data of people in the EU, but given the global reach of Email on Acid, we treat all data the same. Given the constant changing landscape of individual state privacy laws in the U.S. (NYDFS, CCPA, etc.), abiding by GDPR covers all customers well. For more information in our privacy program, please visit
https://mailgun.com/gdpr.
Internal Controls
The Chief Information Security Officer oversees the Information Security Program for Email on Acid. As with all our products, security is addressed with three broad areas:
- Overall corporate security and controls.
- The environment and application.
- The connections to the system.
The Email on Acid security program includes technical, operational and automated controls to provide an environment that has security built-in, utilizing cloud hosting providers that have state-of-the-art facilities and controls to help protect data and ensure availability.
If there are questions on specific security topics, please contact us.
Account and User Security
In addition to our internal security controls, we also provide features that ensure further account and user security:
- Screenshot authentication – ensure every email preview link is protected with credential secured and time-rotated URLs.
- Two-factor authentication – User-level two factor authentication is enforced for all accounts.
- Customizable user permissions – Control permission at the user level to ensure proper access across the platform.