Security we take seriously

Protecting customer data is a top priority. Here is how our infrastructure, data handling, and recovery are built to keep your lists safe.

Infrastructure

Our architecture is built to be secure and reliable, in certified data centers, with recovery built in.

SOC 1 Type 2, SOC 2 Type 2, HIPAA Type 1, HITECH, PCI DSS

System architecture

Built to be secure and reliable. API access happens locally with a key kept out of public reach, and traffic to and from our Mailman servers runs over SFTP, SSH, and SSL.

Data centers

Our applications run on Linode, certified SOC 1 Type 2, SOC 2 Type 2, HIPAA Type 1, HITECH, and PCI DSS.

PCI DSS

Payments and card data are handled by Authorize.net, a certified PCI Level 1 Service Provider. We do not typically receive card data, keeping us PCI DSS compliant in most situations.

Continuity and recovery

Fault-tolerant by design. Any cloud server detected as failing triggers a migration that moves it to a more stable hypervisor.

Firewall and encryption

Servers sit behind firewalls and malware scanners. All web traffic is forced over HTTPS, and our SMTP servers upgrade connections to TLS.

Isolated environments

Development and testing systems are kept fully isolated from production.

Data

Where your data lives, how it is reached, and how it is backed up.

Your domain or ours

Use your own private domain, or a subdomain of ours. Email to either is governed by that subscriber's per-list settings.

Data storage

Data stores are reachable only by the servers that actually require access.

Backups

Server-wide snapshots run daily, weekly, and monthly, and are retained for one month.

Logs

Sensitive information in logs is handled with the same care as the rest of our data.

Questions about security or compliance?

Tell us what your organization needs. We are happy to walk through our controls in detail.