About us

Trust center

Trust that your data is safe, protected and secure.

A global presence

The dotmailer platform is available from Europe, USA, and Australia. Data is held within your chosen region allowing our customers to achieve higher performance, and allowing you to comply with local data protection requirements.

We understand that you must be able to entrust your chosen email and automation provider with one of your most valuable assets - your data. To gain that trust we continue to invest in technology and resources to build security and privacy into our platform. We operate a policy of transparency and aim to provide you with the information you need to feel confident in using us.

Platform status and availability

Our current system status is available at status.dotmailer.com. Here you can subscribe via Twitter, email or SMS for as-they-happen notifications to service incidents, and you can browse through past incident history.

We also provide a scheduled maintenance calendar of upcoming planned improvements affecting the platform.

Browse our current platform status indicators

Multi-service uptime reports

We provide a detailed, fully transparent view of platform service over time, country and function on our dedicated site uptime.dotmailer.com.

Our uptime tracking is like no other. It doesn't just show you the uptime statistics of our web interface. You can also track the availability and performance of our campaign imagery, API, tracking services and surveys, as well as our integrated solution connectors.

View detailed performance and uptime metrics

Resources

If you think you have found a vulnerability, please contact security@dotmailer.com.

Industry-leading security and infrastructure

Our infrastructure team

We've worked hard to ensure our infrastructure and the team behind it is world class. We move quickly, with continuous investment in new hardware and solutions. This is all backed up by our Information Security and data management policies, giving you the confidence to grow.

Our infrastructure and the team practices in depth

 

Protection of our platform

The dotmailer platform employs various encryption, authentication and verification techniques throughout the signup, campaign setup, build and sending process.

How our platform protects you and your data

Our growing list of global accreditations

How dotmailer maximizes your delivery rate

Third party service partners and data processors

Local services. Global solutions.

Region selected: EU

US-based storage

To safeguard the confidentiality, integrity and availability of data, the dotmailer platform is hosted on Microsoft Azure. In the US we utilize the East US 2 region, with data backed up to the Central US region. All Azure facilities meet a broad set of compliance standards, details of which can be found here. A map showing the Azure data center locations can be found here.

In addition to our virtualised infrastructure hosted in Azure, we have a physical data center located in Boston. This connects to Azure via a Virtual Private Network, and is used to send your email campaigns out to the internet.

Maintained support

In order to maintain a stable platform, it may become necessary in certain circumstances to permit supervised system access to Dell, Microsoft and its agents.

Comapi (a dotdigital group company)

Used to deliver mobile messaging, in-app/push notifications, and to social media communication channels. Note: Client data used by these features will be stored and processed in EU based data centres, regardless of the dotmailer account region.

Google Cloud Platform

For the provision of the dotmailer service including storage of customer data. Google conforms to many international and industry specific compliance standards. More information can be found on Google Cloud Platform's Security page.

EU-based storage

To safeguard the confidentiality, integrity and availability of data, the dotmailer platform is hosted on Microsoft Azure. European data is held in the West Europe region, with data being backed up to the North Europe region. All Azure facilities meet a broad set of compliance standards, details of which can be found here. A map showing the Azure data center locations can be found here.

In addition to our virtualized infrastructure hosted on Azure, we have a physical data center located in London. This connects to Azure via a Virtual Private Network, and is used to send your email campaigns out to the internet. This too holds various accreditations including ISO 27001 & 22301.

Maintained support

In order to maintain a stable platform, it may become necessary in certain circumstances to permit system access to Dell, Microsoft and its agents.

Comapi (a dotdigital group company)

Used to deliver mobile messaging, in-app/push notifications, and to social media communication channels. Note: Client data used by these features will be stored and processed in EU based data centres, regardless of the dotmailer account region.

Google Cloud Platform

For the provision of the dotmailer service including storage of customer data. Google conforms to many international and industry specific compliance standards. More information can be found on Google Cloud Platform's Security page.

Australia-based storage

To safeguard the confidentiality, integrity and availability of data, the dotmailer platform is hosted on the Microsoft Azure platform. In Asia-Pacific, we utilise the Australia East region, with data backed up to the Australia Southeast region. All Azure facilities meet a broad set of compliance standards, details of which can be found here. A map showing the Azure data centre locations can be found here.

In addition to our virtualised infrastructure hosted in Azure, we have a physical data center located in Sydney. This connects to Azure via a Virtual Private Network, and is used to send your email campaigns out to the internet. This too holds various accreditations including ISO 27001 & 9001.

Maintained support

In order to maintain a stable platform, it may become necessary in certain circumstances to permit supervised system access to Dell, Microsoft and its agents.

Comapi (a dotdigital group company)

Used to deliver mobile messaging, in-app/push notifications, and to social media communication channels. Note: Client data used by these features will be stored and processed in EU based data centres, regardless of the dotmailer account region.

Cloudflare

For Content Delivery Network (CDN) and web proxy services. More information can be found on Cloudflare's Privacy & Security page.

Amazon Web Services

For provision of supporting network services and client image storage . AWS conforms to many international and industry-specific compliance standards. More information can be found on AWS's compliance page.

Microsoft Azure

For the provision of the dotmailer service including storage of customer data. Azure conforms to many international and industry specific compliance standards. More information can be found on Azure’s Trust Center.

GGR Communications

Used for network management and inter-data center connectivity.

GTT

Internet connectivity for our email delivery services.

Markley Group

Data center space for our email delivery services.

Zayo Group

Internet connectivity for our email delivery services.

MagneticOne

Suppliers of integration platforms for clients wanting to link their dotmailer account to supported third party e-commerce systems.

Cloudflare

For Content Delivery Network (CDN) and web proxy services. More information can be found on Cloudflare's Privacy & Security page.

Amazon Web Services

For provision of supporting network services and client image storage . AWS conforms to many international and industry-specific compliance standards. More information can be found on AWS's compliance page.

Microsoft Azure

For the provision of the dotmailer service including storage of customer data. Azure conforms to many international and industry specific compliance standards. More information can be found on Azure’s Trust Center.

GGR Communications

Used for network management and inter-data center connectivity.

RedSMS

Used to relay SMS campaigns to mobile carriers for delivery to your contacts phones.

Interxion

Data Center Space for our email delivery services.

GTT

Internet connectivity for our email delivery services.

Zayo

Internet connectivity for our email delivery services.

MagneticOne

Suppliers of integration platforms for clients wanting to link their dotmailer account to supported third party e-commerce systems.

Cloudflare

For Content Delivery Network (CDN) and web proxy services. More information can be found on Cloudflare's Privacy & Security page.

Amazon Web Services

For provision of supporting network services and client image storage . AWS conforms to many international and industry-specific compliance standards. More information can be found on AWS's compliance page.

Microsoft Azure

For the provision of the dotmailer service including storage of customer data. Azure conforms to many international and industry specific compliance standards. More information can be found on Azure’s Trust Center.

GGR Communications

Used for network management and inter-data center connectivity.

webqem

Data Center space and internet connectivity for email delivery services

MagneticOne

Suppliers of integration platforms for clients wanting to link their dotmailer account to supported third party e-commerce systems.

Privacy and the GDPR

Model Contract Clauses

European Union (EU) data protection law regulates the transfer of personal data from EU customers to countries outside the EU. dotmailer has in place EU Standard Contractual Clauses that provide specific guarantees around transfers of personal data for platform services. These Model contracts exist as contractual privacy protections between dotmailer and its third-party service providers who process data as well as all dotmailer subsidiaries (to include North America, Australia, South Africa and Belarus), copies of which are available upon request and under NDA. Individual model contract clauses for dotmailer clients are available as well, on an as needed basis.

You can see more information on our third-party service suppliers here.


EU-U.S. Privacy Shield

dotmailer complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. dotmailer has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. For more information on dotmailer’s privacy practices, please visit our Privacy Statement.


Australian Privacy Principles

For customers who are concerned about compliance with Australia's Privacy Principles, dotmailer complies with a wide range of international, industry and local standards, best common practice, regulations, legislation and policy. Many of these are identified here in the dotmailer Trust Center. Should data sovereignty be of concern, dotmailer offers the ability to control where data lives by allowing the choice of sending instances in various regions, including Australia, North America and Europe.

Although the dotmailer platform addresses the compliance, security, and privacy requirements that Australia identifies, some requirements are the responsibility of the customer and it is important for customers to understand the shared responsibilities.


Canadian Privacy Law

Canadian privacy laws—such as the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA) — aim to protect the privacy of individuals, and give them the right to access information gathered about them. The laws require organizations to take reasonable steps to safeguard information in their custody or control, and cover personal information that is held and processed by governments and private organizations in data files, registers, and elsewhere.

Ultimately, the responsibility and ownership of personal data lies with our business customers, per the dotmailer Terms and Conditions. However, dotmailer commits that third-party services have implemented security safeguards to help them protect the privacy of individuals, based on established industry standards. We have assessed our practices in risk, security, and incident management; access control; data integrity protection; and other areas relative to the recommendations from the Office of the Privacy Commissioner of Canada, and have determined that the in-scope services are capable of meeting those recommendations.

General Data Protection Regulation (GDPR)

On May 2018, a European privacy law, the General Data Protection Regulation (GDPR), is due to take effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located.

dotmailer has extensive expertise in protecting data, championing privacy, and complying with complex regulations. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.

We are committed to our principles of cloud trust, data protection, and data security. We intend to provide platform functionality to address the privacy demands of our customers. As the GDPR enforcement begins, here is what else you can expect from us:

  • Technology that meets your needs – You can leverage our specific platform functionality to meet your GDPR obligations for areas including deletion, rectification, transfer of, access to and objection to processing of personal data.
  • Contractual commitments – Relationships with dotmailer are supported with contractual commitments for our services, including security standards, support and timely notifications in accordance with the new GDPR requirements.
  • Sharing our experience – We will share the information that we gather through various Data Protection Authorities and other reputable organizations so you can adapt what we have learned to help you craft the best path forward for your organization.
While dotmailer is fully committed to helping you successfully comply with the GDPR, it is important to recognize that compliance is a shared responsibility. New requirements – like greater data access and deletion rules, risk assessment procedures, a Data Protection Officer role for many organizations and data breach notification processes – will mean changes for your organization. When it comes to GDPR compliance, it’s not just European organizations that are affected, but also those outside of the EU who process data in connection with the offering of goods and services to, or monitoring the behaviour of, EU residents. As such, it is important to understand your obligations related to GDPR regardless of where your organization resides.

It will take time, tools, processes and expertise for you to comply with the GDPR. To do this, you need to make changes to your privacy and data management practices.

We’ve curated a list of GDPR resources which you can refer to here.

Big brands powered by dotmailer

View all case studies