Mailmodo Trust & Security

Mailmodo is both SOC 2 Type 2 and GDPR compliant. We believe in preserving customers' trust and abiding by all local and global regulations.

We're SOC 2 Type 2 Compliant

Mailmodo undergoes annual audits by a third party to ensure SOC 2 Type 2 compliance. For more information regarding compliance certifications and the standards to which Mailmodo adheres, please reach out to

Security features

Product Security

  • Role-Based Access Control: Limit user access with admin, read-write, and read-only roles.
  • TLS 1.2+: We only allow modern TLS and cipher suites.

Application Security

  • Secure Development Lifecycle: Automated linting, unit and integration testing, static analysis, and known vulnerable dependency scanning are performed against every commit.
  • Fix Vulnerability Classes: We structure our architecture and code so that entire vulnerability classes are removed by design.
  • Application Level Hashing/Encryption: Passwords are hashed and sensitive columns are stored with application-level encryption.

Infrastructure Security

  • Data Encryption: 100% of data is encrypted in transit and at rest.
  • Infrastructure as Code: All our infrastructure is managed as code and goes through code review.
  • Least Privilege: All IAM policies, credentials, permissions, and roles are scoped down to the minimum necessary permissions.
  • Network Segregation: Production, Sandbox, and Staging each live within their own separate accounts and are constrained through VPCs.

Risk & Compliance

  • Privacy: Learn more about our privacy program and GDPR compliance by visiting our privacy pages.
  • 3rd Party Audits: We undergo a SOC 2 Type 2 audit annually by third-party assessors.
  • Penetration Tests: We engage 3rd party firms to conduct penetration tests annually.
  • Vendor Evaluation: Mailmodo evaluates and monitors the security of our subprocessors and requires them to maintain a security posture at least as strong as our own.

Corporate Security

  • 2FA: Employee services are authenticated with Google Account, with enforced password complexity and 2FA requirements.
  • Security Training: All personnel complete security awareness training as part of onboarding and annually thereafter.
  • Standardized Onboarding/Offboarding: Employees receive minimum permissions by default, and are only granted additional access on an as-needed basis. When employees change roles or are offboarded, their unneeded permissions are removed immediately.
  • Access Review: Mailmodo performs access reviews on a regular basis to ensure the principle of least privilege is being followed.
  • VPN: Internal services must be accessed over a secure VPN.

Physical Security

  • Data in the Cloud: We don’t store any data on-premise.
  • Office Security: Our building requires badge or fingerprint access to gain entry. We have CCTV installed on our premises.

Other documents

Terms of Service

Privacy Policy