Sunday, June 30, 2024

Data Privacy and Security in Email: How Does Mailjet Protect Your Data?


If you are a Mailjet user, you probably know that we’ve been putting data privacy and security first for a long time, working hard to guarantee the highest standards for all our users.

As a European entity, we abide by the EU’s General Data Protection Regulation. In fact, we were the first company to obtain the AFAQ certification from AFNOR, which guarantees compliance with the principles of GDPR. This hasn’t changed and Mailjet will continue to offer a GDPR-compliant email solution for all of our clients around the world.

Mailjet also makes data security a priority, which is why we went through the rigorous process of obtaining the ISO 27001 certification, the international standard for best practices in information security processes. This certification requires companies to implement not only company-wide processes pertaining to security policies, data handling and access, but also infrastructure controls.

Our security processes begin with our product development, and the scope, lifecycle and fundamental principles of Mailjet’s security policy are to the highest standard, ensuring all information hosted on the Google Cloud platform is secure.

Mailjet’s ‘privacy by design’ approach ensures that personal data processing is compliant from the very beginning.

We ensure the protection of our customers’ data from end to end through the implementation of strong technical and organizational measures. These measures, including our data retention periods, data storage and transfers, and encryption protocols, are publicly available under the principles of accountability and transparency we prioritise at Mailjet.

The most important regulation businesses with European contacts need to comply with is the EU General Data Protection Regulation (or GDPR).

GDPR came into force on May 25, 2018. Any company, organization, association or administration, whether European or non-European with EU customers, has to comply with GDPR. And this doesn’t just affect your own business: it also means that any third-party solutions you work with have to be GDPR-compliant as well.

Mailjet was the first company to obtain the AFAQ certification from AFNOR, which guarantees compliance with the principles of GDPR, and our clients can continue to expect the highest level of data protection.

Darine Fayed, Head of Legal and Data Protection Officer at Mailjet

At Mailjet, all our data is and will continue to be stored in EU servers.

While GDPR doesn’t strictly demand that EU citizens’ data remain in the EU, it does require that the physical servers where the data is stored are safe and under protection, and that any data transfer out of the EU is done under strict rules.

By keeping our data servers in the EU, we offer our clients additional reassurance over the privacy and security of their data, as we can ensure that their protection is ruled by the stricter European laws.

Over the last few months, the United States’ CLOUD Act (or Clarifying Lawful Overseas Use of Data Act) has become an important issue in the data privacy landscape. The CLOUD Act came into effect on March 23, 2018 and allows federal law enforcement to request the data stored on US-based technology companies’ servers, regardless of where those servers are based. This includes companies most of us use on a daily basis, like Apple, Google, Facebook or Microsoft, as well as most companies hosted on a cloud infrastructure (GCP, AWS, Azure, etc.).

However, there are many misconceptions surrounding the CLOUD Act. US authorities can only request disclosure of personal data directly related to the investigation of serious criminal activities and/or national security concerns, and will have to do it through a warrant or subpoena.

Like many of our European competitors, we store our data on Google Cloud servers in Europe, meaning we were already subject to CLOUD Act requirements and our recent acquisition doesn’t affect this. Mailjet will continue to adhere to the strictest security standards under its ISO 27001 certification. All our data will continue to be secured and encrypted at rest, and can only be requested for the investigation of serious criminal activities.

Data security is key for email sending. When you partner with Mailjet, all your data is stored on servers within Europe (Google Cloud Platform). Your data is copied and placed in separate locations in real-time, and all communications sent through our application are encrypted.

One of the ways in which we protect the information contained in emails is through encryption. Contrary to popular belief, DKIM does not provide encryption of the messages. However, it does add a layer of authentication that helps you protect your emails.

Mailjet encrypts the channel that sends your email from server A (your sending server) to server B (your recipient’s server). This is the role of Transport Layer Security, or TLS. The only issue here is that TLS is still not used by all ISPs, meaning that if you send a TLS-encrypted message and your recipient’s server doesn’t follow this protocol, the encryption won’t be effective.
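The fallback described above can be seen in the SMTP capability exchange. The following is an added example, not Mailjet’s code: it parses a recipient server’s EHLO reply and reports whether the hop would be encrypted. The function names, the `require_tls` switch and the sample replies are constructed for illustration, and the enforced-TLS branch goes beyond what this page describes.

```python
import re

# Constructed EHLO replies (not captured from real servers).
EHLO_WITH_TLS = (
    "250-mx.recipient.example Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-starttls\r\n"
    "250 SMTPUTF8\r\n"
)
EHLO_NO_TLS = (
    "250-legacy.recipient.example\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)

# SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the set of upper-cased extension keywords in an EHLO reply."""
    lines = [line for line in reply.splitlines() if line]
    keywords = set()
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"not a successful EHLO reply: {line!r}")
        # Only the final line may use the space separator.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        words = m.group(3).split()
        if words:
            keywords.add(words[0].upper())  # keywords are case-insensitive
    return keywords


def delivery_mode(reply, require_tls=False):
    """Decide how a sending server would hand the message to this recipient."""
    if "STARTTLS" in parse_ehlo(reply):
        return "encrypted"
    # Opportunistic TLS falls back to cleartext; an enforced policy refuses.
    return "refuse" if require_tls else "plaintext"
```

With the default opportunistic policy the second server receives the message unencrypted, which is the gap the paragraph above refers to.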

We’ve already mentioned how important it is to ensure that the servers where the data is stored are safe.

If you rely on a third party to store the data, look for solutions that offer the best guarantee for concerns like redundancies, fire risk prevention, high security levels, energy self-sufficiency, and so on. Since you’re not the one directly managing the server, you have to be sure that all of these necessary precautions are followed, to ensure the maximum level of security. If you have European customers, having your servers located in Europe can also be a good idea, since the stricter European laws will apply. Both Mailjet and Mailgun have servers in the EU to help ensure optimal security and privacy.

To ensure our servers are secure, Mailjet keeps its data in the European Union, where the privacy and security requirements of GDPR guarantee the highest level of protection, including limited access to the servers and 24/7 surveillance. On top of that, our data centers are controlled against power failure, with redundant power systems.

Learn more about data security at Mailjet in our blog post ‘What Makes Mailjet a Secure Email Solution?’

Do you have any more questions about Privacy and Security at Mailjet? Check out our FAQs to learn more about how we use and store your data, or send your questions directly to our team by filling in a Support ticket.


