Mailmodo Trust & Security
Mailmodo is both SOC 2 Type 2 and GDPR compliant. We believe in preserving customers' trust and abiding by all local and global regulations.
We're SOC 2 Type 2 Compliant
Mailmodo undergoes annual audits by a third party to ensure SOC 2 Type 2 compliance. For more information regarding compliance certifications and the standards to which Mailmodo adheres, please reach out to firstname.lastname@example.org
- Role-Based Access Control: Limit user access with admin, read-write, and read-only roles.
- TLS 1.2+: We only allow modern TLS and cipher suites.
- Secure Development Lifecycle: Automated linting, unit and integration testing, static analysis, and known vulnerable dependency scanning are performed against every commit.
- Fix Vulnerability Classes: We structure our architecture and code in a way where entire vulnerability classes are removed by design.
- Application Level Hashing/Encryption: Passwords are hashed and sensitive columns are stored with application-level encryption.
- Data Encryption: 100% of data is encrypted in transit and at rest.
- Infrastructure as Code: All our infrastructure is managed as code and goes through code review.
- Least Privilege: All IAM policies, credentials, permissions, and roles are scoped down to the minimum necessary permissions.
- Network Segregation: Production, Sandbox, and Staging account all live within their own separate accounts and are constrained through VPCs.
Risk & Compliance
- Privacy: Learn more about our privacy program and GDPR compliance by visiting our privacy pages.
- 3rd Party Audits: We undergo a SOC 2 Type 2 audit annually by third-party assessors.
- Penetration Tests: We engage 3rd party firms to conduct penetration tests annually.
- Vendor Evaluation: Mailmodo evaluates and monitors the security of our subprocessors and requires them to maintain a security posture at least as strong as our own.
- 2FA: Employee services are authenticated with Google Account, with enforced password complexity and 2FA requirements.
- Security Training: All personnel complete security awareness training as part of onboarding and annually thereafter.
- Standardized Onboarding/Offboarding: Employees receive minimum permissions by default, and are only granted additional access on an as-needed basis. When employees change roles or are offboarded, their unneeded permissions are removed immediately.
- Access Review: Mailmodo performs access reviews on a regular basis to ensure the principle of least privilege is being followed.
- VPN: Accessing internal services must be completed over a secure VPN
- Data in the Cloud: We don’t store any data on-premise.
- Office Security: Our building requires badge or fingerprint access to gain entry. We have CCTV installed on our premises.