GDPR: MailUp’s Commitment

Data and infrastructure security, tools adapted to the new regulations, granular and controlled data management: here are all the details of our commitment in preparation for the new GDPR.

The GDPR introduces a real revolution in how personal data is processed. MailUp is at companies’ side to address this challenge, with its commitment split along two guidelines:

  • Provide companies with tools and features that help them become compliant with the new regulations in a simple and straightforward way.
  • Integrate the requirements introduced by the new regulation into the MailUp solution, updating the Data Processing Agreement (DPA). Go to this page to view the signed contract.

Like any other company, MailUp is also going through the process of adapting to the GDPR: we are preparing to be fully compliant by May 25, 2018.

The regulation requires our customers reevaluate their data infrastructure and processes that involve the processing of personal data. Being compliant will not be easy, and we certainly don’t want to to make it any more complicated: this is why we have carried out careful analyses aimed at exploiting the flexibility we are distinguished for and allowing our customers to focus only on what is really needed.

We know that the MailUp platform is a fundamental tool for our customers: this is why we are carrying out various assessments, reviewing the specifications of the processing and, in the meantime, we want to let you know how to best use the platform while preparing for the regulation’s entry into force.

How can we help you achieve compliance with the GDPR?

Data access, management and security

Every MailUp customer can log in with their main administrator credentials and create additional users with exclusive or shared access to one or more lists. All the data customers upload to the platform is saved in our systems, giving customers full control of the management, search and access modes.

The MailUp architecture is, like most modern “software as a service” type applications, multi-tenant. However, since our customers’ privacy and security has always been a priority for us, we wanted to maintain customer-specific databases (database-per-tenant).

This solution offers us several advantages: in addition to the physical separation of data for each customer (which ensures strong data isolation), it allows us to have a very high level of flexibility both in terms of encryption and data recovery.

More freedom in choosing personal data

Considering how we manage a large amount of different types of data, we at MailUp are quite aware of the problems related to the access and processing of personal data. This is why we wanted to maintain a high degree of flexibility in this case as well. It will be possible to define which fields can be viewed/modified by each user of the platform.

In the absence of permission, personal data (including email addresses and phone numbers) will be hidden, without this preventing the use of the platform’s main features. This choice is based on the principle of “minimum privilege” which, in addition to being a good practice in terms of security, can help customers maintain the same level of security defined for their organization, allowing each user to only “Sensitive personal data management” page of our User Guide.

In this context, access rights to key functionalities (contact visibility, statistics, import, export, creation and sending of campaigns) are configurable in a specific way for each user.

Furthermore, the platform lets you create different lists that can operate as independent environments and assign access to these lists to specific users. This makes it possible to define independent processing registers according to need (e.g. geography of origin/acquisition).

Application and communications security

The platform lets you define certain basic rules that are considered appropriate measures in the field of data security and processing:

  • Encrypted transmission using SSL, both when accessing the platform and during its use
  • Access passwords are saved in encrypted and non-reversible (hash) format. Nobody at MailUp can find out these passwords
  • Advanced password management
  • Users are asked to change their password upon accessing the platform for the first time, and if configured, it will not be possible to use a password that has been used recently for all subsequent password changes
  • All accounts have the obligation to change their password after a predefined period (also different for each user), which can be set by the administrator
  • Advanced controls on password complexity which can be set and defined (on request)
  • The log-in pages and APIs adopt controls for the prevention of unauthorized access and “brute force” attacks. The roadmap also has the possibility to log in using a two-factor authentication system
  • We provide administrators with a detailed log of user accesses

Security is not limited to platform use, but is also required in the communications sent by each customer. MailUp uses the DKIM standard (DomainKeys Identified Mail) to send messages via the platform. This authentication system lets you “certify” that the message’s content reached the recipient in the same form as that originally sent by the sender.

In doing so, the entire email is encrypted through TLS protocol, making any unauthorized modifications or reading of the email impossible during its sending, until it reaches its destination.

In addition, all the links contained in the emails, including any re-routing, are automatically checked by our systems to prevent spam, malicious use of the platform and data theft (even personal).

Data processing security

All data uploaded to the platform is maintained and saved via backup for the entire contract period, then automatically deleted within 20 days of the end of the contract.

MailUp has its own team dedicated to privacy and compliance which is coordinated by a Data Protection Officer, who oversees the organization’s security and compliance with applicable laws. All those who work for the organization, and in particular those who have access to customer data, have received adequate training in terms of security and privacy and must follow clear rules in order to safeguard the confidentiality, integrity and availability of data.

All access is limited by a permissions system per role and reasons for use, allowing us to ensure that only authorized persons have access to data or servers, and to access the latter there is a also a biometric control.

In addition, authorized personnel can’t see the personal data of the contacts which customers upload to the platform without an additional authorization, as always connected to a specific request and traceable by the customer or with the approval of the compliance team in order to verify behavior which does not respect the terms of use.

Roles and accesses are checked regularly.

Handling sensitive data

The data that customers upload to the platform can present varying degrees of confidentiality.

Even though the platform provides a high level of security and granularity for the handling of different types of data, the customer is responsible for defining and implementing the most appropriate approach for processing and accessing sensitive data.

On request we can evaluate the specific needs and configure the services to process the data in an appropriate manner.


The Regulation establishes that the data controller must be able to demonstrate that the data subject has given his consent to the processing of his personal data.

This has always been one of our priorities, even before the final drafting of the Regulation, and for this reason our customers can find all the necessary tools, always updated, to better manage consent:

  • Registration confirmation system (double opt-in) is implemented as standard on all our forms, with easily configurable text and messages
  • Clear recipient profile page which includes all the necessary elements for demonstrating the recipient’s consent
  • Possibility to export groups of contacts with information about the registration date and IP address
Data Retention

The GDPR establishes that the data controller and its managers are responsible for defining data retention times and ensuring that this period is limited to the minimum necessary.

Those who have already defined a precise duration of data processing can take advantage of the inactive management feature to:

  • Automatically request confirmation when the expiration date is approaching
  • Manage those who don’t confirm the renewal of the processing consent

Workflows will also be updated to let you easily implement the same consent expiration process.

Tools for exercising data subjects’ rights
  • In order to allow the subjects related to the processing to exercise their envisaged rights (access, cancellation, processing limitation, portability) we have completed the Profile Center, which already let users satisfy most of the requests. If the Profile Center is currently enabled, recipients can directly exercise not only their right to cancel (opt-out), but also:
    • Receive information about which data is processed via the platform
    • Limit the data’s processing
    • Request to not be tracked
    • Portability: export of personal information
  • If you’d like to continue managing these tasks individually, we’ve reorganized the recipient profile management interface on the platform, allowing you quick access to all the features you need
  • For companies that have fully integrated the MailUp platform in their systems, we have carried over the same features in our APIs
  • Platform search feature as an access point to easily identify the subject involved in the processing
Profiling tools

MailUp provides various tools and integrations to be able to profile recipients based on their activities or their choices.

However, we would like to underline that the decision-making process, although automated, is totally and exclusively controlled by our customers. Despite the fact that, as indicated in the previous paragraph, an individual subject may request to not be profiled, it is possible to configure the platform in order to completely exclude tracking on one or more lists or for one or more campaigns.