How we keep your data safe in mmunicMail
This information covers how we protect your data when you use our email marketing platform, mmunicMail. For more information about how we protect your data for other services, please see our Privacy & Cookies Policy.
Our customers depend on us for security of their data and reliability of access to it. It’s something we take very seriously and we believe it’s important you know how we keep your data safe and access to mmunicMail secure.
Your data is kept safe in patrolled, tier 4 data centres based in the UK. Only authorised personnel are granted access to the data centres.
The data centres used to hold your data have onsite security teams, who are resident 24 hours a day, 365 days a year to protect against unauthorised access and physical security breaches.
When you access mmunicMail through your web browser, and when requests are made through our API to your database, these are protected by SSL Labs Grade A 256-bit SSL encryption.
You can click the padlock icon next to the browser address to check this and verify that you’re not connected to, or communicating with, a phishing site impersonating mmunicMail. This is how you know that your data is secure in transit.
It’s just as important that you’re able to access mmunicMail when you need to as it is that we keep your data secure. mmunicMail uses high-level importance servers, which benefit from full redundancy of power supplies and internet connections that ensure mmunicMail stays online even in the rare event that multiple servers fail.
mmunicMail also employs enterprise level firewalls to ensure that the platform and your data reside securely within the data centres’ infrastructure, with no direct public access.
mmunicMail is coded using the principles of OWASP to ensure the most secure practices of code are used at all times when developing the platform. This also includes when new releases are planned and developed. Our developers also conduct a Data Protection Impact Assessment (DPIA) for each major release of the mmunicMail platform on the development roadmap.
From our penetration tests and vulnerability detection approaches, security patches are released for mmunicMail – which are then tested again to ensure ongoing security. Security patches are also released on-demand, using the up-to-date knowledge that our development team continues to build about contemporary security threats.
Importantly, your data is not used in any of mmunicMail’s development, testing or analytics environments – only on the live, production version of the platform.
The servers we use within the data centres that host your data are scanned for vulnerabilities multiple times each year. This comprehensive range of tests is run against our servers both from external Internet servers and from inside the network.
The mmunicMail application is also subject to an annual penetration test on both the application itself and its perimeter to ensure the ongoing security of the platform.
mmunicMail only uses mail servers that run Port25 PowerMTA software that implements TLS (Transport Layer Security) to deliver secure and encrypted emails.
On top of this, all emails sent out through mmunicMail are signed with 1024-bit DKIM keys to protect against forgery while in transit.
Both mmunicMail’s default sending domain (mailer.mmunic.email) and any custom domains you set up using our DNS Authentication guide also have SPF (Sender Policy Framework) protection to publish authorised ranges of sending IP addresses.
When any user tries to log in to mmunicMail, the platform is protected by both Google ReCAPTCHA and brute force detection.
We limit the number of login attempts as part of these measures and impose a 1 hour lockout if this threshold is met; however, if any aggressive or hostile login attempts (such as those from bots or hackers) are detected, brute force detection automatically kicks in faster.
Once authorised users are logged in, we also use auto-timeout features that automatically log you out after a period of inactivity.
We also retain an audit log of all account activity that we monitor for unusual events (which we then disclose to you if required). These logs cannot be edited or amended in any way, meaning we have an accurate record of all account activity across mmunicMail. Our audit logs are retained for 18 months.
It’s important that mmunicMail holds only data that is relevant to your business. As such, mmunicMail automatically deletes any customer or list user data after 18 months of inactivity. This means that if you don’t send an email out to a user for 18 months, they will automatically be removed from the platform and any lists the user is on.
If you have a shorter data retention policy, just let us know – we can customise this setting for you!
mmunicMail is backed up using the very latest hardware technologies to ensure your data is processed and protected in a fast and efficient manner. We have three real-time mirrors of your live data, and within our backup data centre, we maintain another three real-time mirrors. We also have failover servers which take a snapshot of the mmunicMail database every 3 hours for extra protection.
Only your images are stored in the ‘cloud’ – your data itself is stored and backed up on tier 4 data centres based in the UK.
No hardware is infallible, but the approach used to back up mmunicMail and your data means that multiple layers of backup are available in the event of catastrophic hardware failure, disaster recovery plan instigation and even for everyday business continuity and reliability requirements.
In the event of a potential or actual security breach being discovered by anyone involved in the maintenance or management of mmunicMail, we make every effort to discover and resolve the issue within as short a timeframe as possible.
Importantly, we are also committed to disclosing any vulnerabilities exploited to our affected customers. To do this, we follow the approach for managing and disclosing security breaches as set out by the Information Commissioner’s Office (ICO) guidelines on the matter.
While a huge amount of work goes into keeping mmunicMail a secure email marketing platform behind the scenes, you can also help protect your mmunicMail account – and the security of our platform as a whole – with the following simple tips and tricks: