Security Schema

Built for Enterprise Security

Your data — and your subscribers' data — is treated with the highest levels of protection across every layer of our stack.

SOC 2 Type II
GDPR Compliant
CCPA Ready
CAN-SPAM Compliant
AES-256 Encrypted
99.9% Uptime SLA

Security from the Ground Up

Every layer of MailMind is designed, audited, and continuously monitored to protect your data.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your contact lists and campaign content are never stored in plaintext.

Encryption: AES-256
Transit: TLS 1.3

Infrastructure Security

Our infrastructure runs on AWS with multi-region redundancy, automatic failover, and isolated customer environments. We maintain a 99.9% uptime SLA.

Uptime SLA: 99.9%
Regions: US + EU

Access Controls

Role-based access control (RBAC) ensures team members only see what they need. All internal access to customer data is logged and audited.

Model: RBAC
Audit Log: Full

SOC 2 Type II Certified

MailMind is independently audited and certified against SOC 2 Type II standards, validating our controls for security, availability, and confidentiality.

Standard: SOC 2
Type: Type II

GDPR & Compliance

We are fully GDPR, CCPA, and CAN-SPAM compliant. Data Processing Agreements are available for all customers on request.

GDPR: ✓ Compliant
DPA: Available

Penetration Testing

We conduct annual penetration tests with independent third-party security researchers. Findings are remediated within SLA timelines.

Frequency: Annual
Vendor: 3rd Party

Data Policies

Common questions about how we protect and handle your data.

How is my subscriber data stored?

All subscriber data is stored encrypted at rest with AES-256. Data is isolated per customer tenant and never mixed across accounts, and we maintain strict internal access controls.

Where is data physically stored?

By default, US-based accounts are stored in AWS US-East-1 (North Virginia). EU-based accounts are stored in AWS EU-West-1 (Dublin, Ireland) to comply with GDPR data residency requirements.

Does MailMind train AI models on my data?

No. Your contact lists, campaign content, and subscriber data are never used to train our AI models. AI training uses only anonymized, aggregate behavioral data from opted-in sources.

What happens to my data if I cancel?

You retain access to export your data for 30 days after cancellation. After that, all customer data is securely deleted from our primary systems within 30 days and from backups within 90 days.

How do you handle security incidents?

We maintain an incident response plan with defined RTO/RPO targets. In the event of a breach affecting customer data, we notify affected customers within 72 hours as required by GDPR.

Vulnerability Disclosure

Found a security vulnerability? We take all reports seriously. Please report it to us responsibly by email and we'll acknowledge your report within 24 hours.

security@mailmind.ai