We do not rent or sell your information to other companies or individuals, unless we have your consent. We may share such information in any of the following limited circumstances:
- We have your consent.
- We conclude that we are required by law or have a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of MailGenius or the public.
- If you have an account, we may share the information submitted under your account among all of our services in order to provide you with a seamless experience and to improve the quality of our services. We will not disclose your account information to other people or non-affiliated companies, except in the limited circumstances described in this Policy or with your consent.
Data Security Policy
Our data protection policy sets out our commitment to protecting client data and how we implement that commitment with regards to the collection and use of client data.
We are committed to:
- Ensuring that we comply with the data protection principles, as listed below.
- Ensuring that data is collected and used fairly and lawfully. Processing client data only in order to meet our operational needs or fulfill legal and contractual requirements.
- Establishing appropriate retention periods for client data.
- Ensuring that data subjects’ rights can be appropriately exercised.
- Providing adequate security measures to protect client data.
- Ensuring that all staff is made aware of standard practice for data protection.
- Ensuring that queries about data protection, internal and external to the organization, is dealt with effectively and promptly.
- Regularly reviewing data protection procedures and guidelines within the organization.
Our data protection principles:
Client data shall be processed fairly and lawfully. Client data shall be obtained with the purpose of completing our contractual obligation to the Client, and shall not be further processed in any manner incompatible with that purpose. Appropriate technical and organizational measures shall be taken against the unauthorized processing of Client data, and against the accidental loss, destruction, or damage to client data. To this end, Client data will be stored on our servers and protected with modern encryption.
Security Assessments and Compliance
MailGenius’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
MailGenius Security Best Practices
Encrypt Data in Transit
- We enable HTTPS for applications and SSL database connections to protect sensitive data transmitted to and from applications.
Encrypt Sensitive Data at Rest
- All sensitive data is encrypted within databases to meet our data security requirements. Data encryption is deployed using industry standard encryption.
Secure Development Practices
- All engineering is done in house at MailGenius, following best practices and using up to date security patches tools. Authentication
- To prevent unauthorized account access to our platforms we enforce strong passphrase, SSH keys, and 2FA for our data critical employees.