At Mailabl we take security very seriously and so should you.

We understand the importance of providing clear information about our security practices, tools, resources and responsibilities, so that you can feel confident in choosing us as a trusted service provider and understand what we do to secure our platform and how we do it.

Hosting Infrastructure

Mailabl services are hosted in a DigitalOcean data center located in Amsterdam, Netherlands. DigitalOcean is a leading cloud hosting provider with whom we can provide a reliable high-availability service, including traffic distributed among multiple nodes, which guarantees a high uptime.

For more information about their security practices, read more here.

Secure Development Practices

Our developers follow security practices according to industry standards. Each line of code gets run through vulnerability scanning and code analysis prior to deployment to production.

Application Security

We use modern and secure frameworks with high-end security controls to limit exposure to OWASP Top 10 security risks. Among other things, this limits exposure to SQL injection attacks (SQLi) and Cross-Site Scripting (XSS).

Infrastructure Security

In addition to application security, our infrastructure has several other layers of defence mechanisms:

  • A web application firewall (WAF), which aids in protecting against multiple web exploits
  • DDoS protection
  • Rate limiting

Data encryption

All communications with our user interfaces and API are always sent over 256-bit Transport Layer Security (TLS) 1.2 or higher. This keeps all traffic between you and Mailabl secure during transit.

Passwords and other credentials are hashed with an AES-256-CBC cipher, and all of these values are in turn signed with a message authentication code (MAC), which prevents the decryption of any values that have been tampered with by malicious users.

Reliability

Our goal is that you can always access your account. Because of that, we aim to provide an uptime of over 99%.

There are times when our services will be unavailable due to scheduled maintenance or a failure within a component. In such cases, our engineering team is paged as soon as the failure is detected and works to make sure the service is back up in the shortest possible time.

We maintain a publicly available status webpage, which holds system availability details, service incident history and scheduled maintenance.

Backups

In addition to near real-time database replication, we perform daily full backups, which are kept in geographically dispersed and secure locations. All backups are fully encrypted.

These methods ensure that there are multiple copies of data available to be restored in case of a physical or technical incident.

Backups are periodically tested to ensure the integrity of our backup procedure.

GDPR compliant

We confirm that when processing any data, we comply with the requirements arising from the General Data Protection Regulation (EU) 2016/679.

Please see our Privacy Policy for details on what we do with the information that we gather through our services.

Certificates

We are currently in the process of getting ISO/IEC 27001 certified.