Email Security and Compliance

Enterprise-grade security isn't a feature at TrueSend - it's the architecture everything is built on.

  • 0 data breaches in TrueSend's entire history
  • 256-bit AES encryption for all data at rest and in transit
  • 99.9% infrastructure uptime backed by enterprise SLA
  • 1hr security incident response and customer notification time
Defence in Depth

Security Layered at Every Level

TrueSend uses a defence-in-depth strategy - multiple independent layers of security so that no single point of failure can compromise your data.

TrueSend Security Architecture - 5 Layers

Network Perimeter - Edge Protection

Enterprise WAF, DDoS mitigation, IP allowlisting, and BGP Anycast routing across 12 global PoPs. All traffic inspected before reaching our infrastructure.

Controls: WAF, DDoS Protection, Rate Limiting, IP Filtering, CDN Edge (Active)

Transport Security - In-Transit Encryption

TLS 1.3 mandatory for all connections. Certificate pinning enforced. Perfect Forward Secrecy on all endpoints. HTTP Strict Transport Security (HSTS) globally.

Controls: TLS 1.3, Certificate Pinning, HSTS, PFS (Active)

Application Security - Access Control

OAuth 2.0 + OpenID Connect. RBAC with principle of least privilege. MFA enforced for all team members. Session management with automatic timeout and anomaly detection.

Controls: OAuth 2.0, MFA, RBAC, SAML/SSO, Audit Logs (Active)

Data Security - At-Rest Encryption

AES-256 encryption for all data at rest. Customer data isolated per-tenant using separate encryption keys. Key rotation every 90 days with HSM-backed key management.

Controls: AES-256, Per-Tenant Keys, HSM, Key Rotation, Isolation (Active)

Monitoring & Response - 24/7 SOC

Continuous threat monitoring with SIEM integration. Anomaly detection with ML-powered alerts. Dedicated security team on call 24/7 with <1hr incident SLA.

Controls: SIEM, ML Anomaly Detection, 24/7 SOC, Pen Testing, <1hr SLA (Active)
  • AES-256 encryption
  • TLS 1.3 in transit
  • 90-day key rotation

Encryption

Your Data is Encrypted, Always.

From the moment data enters TrueSend to the moment it's delivered - every byte is protected by military-grade encryption, end to end.

AES-256 at Rest

All subscriber data, email content, and campaign information stored with AES-256 encryption. Each customer's data encrypted with unique, isolated keys.

TLS 1.3 in Transit

All data moving between your browser, our API, and our servers uses TLS 1.3 with Perfect Forward Secrecy - the strongest encryption available for data in transit.

HSM Key Management

Encryption keys stored in FIPS 140-2 Level 3 certified Hardware Security Modules. Automatic key rotation every 90 days. No human can ever access your raw encryption keys.

Compliance

Every Framework Your Procurement Requires

Whether you're in healthcare, finance, e-commerce, or enterprise.

SOC 2 Type II
System and Organisation Controls 2 - Type II
Certified 2024

Annual third-party audit covering security, availability, processing integrity.

  • Security controls audited
  • Availability monitoring verified
  • Confidentiality measures confirmed

Next audit: Q1 2026 · Report available on request

GDPR
General Data Protection Regulation (EU 2016/679)
Fully Compliant

Full EU/UK GDPR compliance including Data Processing Agreements, lawful basis documentation.

  • DPA available on request
  • Data subject rights portal
  • EU data residency option

EU data stored in Frankfurt (AWS eu-central-1)

ISO 27001
Information Security Management System
Certified 2024

ISO 27001:2022 certification covering our ISMS - policies, risk management.

  • Annual surveillance audit
  • Risk register maintained
  • Supplier assessments completed

Certificate expires: November 2027

PCI DSS Level 1
Payment Card Industry Data Security Standard
Level 1 Certified

The highest PCI DSS level - required for processors handling over 6 million card transactions annually.

  • QSA-audited annually
  • Network segmentation verified
  • Cardholder data scoped out

Powered by Stripe · PCI DSS v4.0

HIPAA Ready
Health Insurance Portability and Accountability Act
BAA Available

TrueSend can sign Business Associate Agreements for healthcare customers.

  • BAA available (Business plan+)
  • PHI isolation controls
  • Audit trail for PHI access

Contact sales to sign a BAA

CCPA
California Consumer Privacy Act
Fully Compliant

Full CCPA compliance for California consumers - including the right to know.

  • Data subject request portal
  • Opt-out mechanisms built in
  • Privacy notice templates

CPRA amendments included

  • GDPR Ready: EU data protected
  • Your Rights: Always respected

Your Subscribers' Privacy Is Sacred.

TrueSend treats privacy as a fundamental right - not a compliance checkbox.

Subscribers can request a full export of all data TrueSend holds about them - email address, engagement history, custom fields, and consent records - delivered.

Single-click deletion of all subscriber data from TrueSend's systems including backup stores. Deletion cascades across all lists, segments, and campaign history. Cryptographic proof of deletion available for compliance audits.

Subscribers can update their own data via your branded preference centre. Corrections sync across all lists and segments in real time. Admins can bulk-update via API with a full change audit trail maintained.

One-click unsubscribe, global suppression, and marketing opt-out managed automatically. TrueSend complies with RFC 8058 list-unsubscribe headers and Google/Yahoo's 2024 requirements for instant opt-out processing.
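The RFC 8058 one-click unsubscribe requirement above can be checked on an outbound message before it leaves the sending pipeline. The following is an added example, not TrueSend's code; the sample message, its domain, DKIM selector and signature values are constructed placeholders, and the DKIM signature itself is not verified, only its header coverage.

```python
# Added example (not TrueSend's code): audits a raw RFC 5322 message for the
# headers RFC 8058 one-click unsubscribe requires, which the 2024 Gmail/Yahoo
# bulk-sender rules build on. Sample messages below are constructed.
import re
from email import message_from_string
from email.message import Message

# RFC 8058 section 3.1: the header value (and the POST body) is exactly this.
ONE_CLICK = "List-Unsubscribe=One-Click"


def unsubscribe_uris(msg: Message) -> list[str]:
    """Return the URIs listed in List-Unsubscribe (RFC 2369 <uri>, <uri> form)."""
    return re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))


def check_one_click(msg: Message) -> list[str]:
    """Return problems found; an empty list means the message satisfies RFC 8058."""
    problems = []
    uris = unsubscribe_uris(msg)
    if not uris:
        problems.append("List-Unsubscribe header missing")
    elif not any(u.lower().startswith("https://") for u in uris):
        # RFC 8058 requires an HTTPS URI; a mailto: URI alone is not one-click.
        problems.append("List-Unsubscribe has no https URI")
    post = msg.get("List-Unsubscribe-Post")
    if post is None:
        problems.append("List-Unsubscribe-Post header missing")
    elif post.strip() != ONE_CLICK:
        problems.append(f"List-Unsubscribe-Post must be exactly '{ONE_CLICK}'")
    # RFC 8058 section 4: both headers must be covered by a valid DKIM signature.
    # Only the h= coverage is checked here; verifying b= needs the public key.
    m = re.search(r"\bh=([^;]+)", msg.get("DKIM-Signature", ""))
    signed = {h.strip().lower() for h in m.group(1).split(":")} if m else set()
    for name in ("list-unsubscribe", "list-unsubscribe-post"):
        if name not in signed:
            problems.append(f"{name} not covered by DKIM h= tag")
    return problems


def audit(raw: str) -> list[str]:
    return check_one_click(message_from_string(raw))


# Constructed sample: compliant (mailto plus https, Post header, both DKIM-signed).
SAMPLE_OK = (
    "From: news@example.com\nTo: subscriber@example.net\nSubject: Weekly digest\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; "
    "h=from:to:subject:list-unsubscribe:list-unsubscribe-post; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "List-Unsubscribe: <mailto:unsub@example.com>, <https://example.com/u/abc123>\n"
    f"List-Unsubscribe-Post: {ONE_CLICK}\n\nHello.\n"
)
# Constructed sample: legacy mailto-only unsubscribe, no Post header, not signed.
SAMPLE_BAD = (
    "From: news@example.com\nTo: subscriber@example.net\nSubject: Weekly digest\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; h=from:to:subject; "
    "bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "List-Unsubscribe: <mailto:unsub@example.com>\n\nHello.\n"
)
```

Run `audit()` over each outbound template; any non-empty result is a message that mailbox providers enforcing the 2024 rules may downgrade or reject.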
Incident Response

When Something Goes Wrong, We Act Fast.

No system is perfect. What separates great security teams.

1. Detect & Triage (<5 minutes): 24/7 SIEM monitoring detects anomalies automatically.
2. Contain & Isolate (<15 minutes): Affected systems isolated immediately.
3. Notify Affected Customers (<1 hour; GDPR requires 72h): Affected customers notified via email and status page within 1 hour.
4. Remediate & Report (<5 days post-incident): Root cause analysis and full post-mortem published within 5 business days.

System Status · Live: Email Sending API, Campaign Dashboard, REST API v2, Deliverability Engine, Analytics & Reports, Data Storage Layer - all Operational. 30-day uptime: 99.97% (last 30 days).
