PoliteMail Data Security Standards
Because your data is your data. We protect it.
PoliteMail’s current SOC-2, ISO27001 certification, and standard CSA and SIG assessments are available under NDA.
What are PoliteMail’s technical
and organizational security measures?
PoliteMail assesses risks annually and routinely applies appropriate technical and organizational controls, using software tools, policies and procedures to effectively manage these risks. To learn more, download our Technical and Organizational Measures document.
What data does PoliteMail
process and store?
PoliteMail primarily processes and stores distribution group membership, employee name and email address data, in order to send the broadcast email. Click below for a complete list of all data processed and stored.
PoliteMail keeps your internal email data safe
Your email content is stored in your Sent Items folder. PoliteMail processes internal broadcasts, but does not store the content of the SMTP email messages, they are simply processed and passed through. All application communications and data is encrypted in transit using HTTPS TLS 1.2. All data at rest is AES-256 encrypted. PoliteMail will maintain an audit trail of all messages sent from and to, and therefore does store employee name and email addresses, which is most often consider personally identifiable information (PII), and receives the same level of protection as any other confidential information we receive and process. We never share your data with any third parties. PoliteMail provides log transport options to move security data to your Splunk or Azure Sentinel environments.
PoliteMail Software is qualified for the Microsoft Government Cloud
GCC-High in Categories 2 & 3
PoliteMail Software supports U.S. Government entities, covered defense information, controlled unclassified information and other types
of federal, federal agency, NGO or other U.S. Government entity data which require GCC High and FedRamp High cloud security.
Dedicated application environments enable customized security controls
As an enterprise provider, unlike other SaaS providers of similar services, we offer dedicated SaaS services not the typical shared, multi-tenant services. We also offer your-cloud and on-prem deployment models, to put data security completely in your control. Your SaaS services are completely isolated from other customers, provide dedicated IP addresses and host names, and support additional security configurations like ACLs, IP restrictions, certificate-based connectivity, VPNs and more.