Security Policy

We take the security of your data very seriously at Mailbutler and work hard behind the scenes to keep your data safe, secure, and private. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security.

System Status

We know trust is earned, not just given. And we believe it starts with being transparent about our system’s status and performance. The Mailbutler Status page shares our app and API availability https://status.mailbutler.io/.

Incident Response

We monitor our systems with a variety of performance measurement and error-checking tools. When problems are detected, our development team is notified immediately, and the issues are investigated.

When a serious incident occurs, or a long interval of downtime is anticipated, we notify our users via our blog, twitter, facebook and/or email.

Our system operations are logged extensively, and the logs are stored for at least a 30-day period in the cloud. If needed, these logs may be mined to investigate incidents or to reconstruct a chain of events.

Should a security breach occur, we will promptly notify affected users of the nature and extent of the breach, and take steps to minimize any damage.

Vulnerability Management

We perform regular vulnerability scans of our Internet-facing applications to identify issues we need to fix. We are making this a standard practice for new features and infrastructure that we deploy.

When potential vulnerabilities are identified, we triage them immediately. Critical vulnerabilities cause remediation work to begin immediately, which is deployed as soon as a fix is available. Serious vulnerabilities also cause work to begin immediately, and fixes are deployed within 24 hours. Minor and trivial vulnerabilities cause work to be scheduled alongside feature work.

Access Control

We place strict controls over our employees’ access to the data you and your users make available via the Mailbutler services.

All employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Mailbulter services.

Access to customer data by Mailbutler employees is limited to an as-needed basis (e.g., to resolve customer issues). When such access is required, only personnel with a direct need will access the data, and such access will be limited as much as possible. Breach of this policy by a Mailbutler employee is a serious matter, requiring investigation and appropriate disciplinary action, up to and including termination as well as legal action.

Secure Development

Mailbutler is secure by design. Changes to Mailbutler's code base go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to beta version wherein Mailbutler employees and beta testers are able to test changes before an eventual push to production servers and our customer base.

Data Center Security

Mailbutler is using Amazon AWS servers to store data which are located in Frankfurt, Germany. Amazon employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.

Account Protection

We highly recommend everyone take steps to improve their own safety on Mailbutler and elsewhere online. To keep your online accounts safe, choose unique and strong passwords for each service you use and change them regularly and never repeat previously used passwords.

Reporting

At Mailbutler, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present. We have implemented a responsible disclosure policy to ensure that problems are addressed quickly and safely.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. E-mail your findings to info@mailbutler.io.

Questions

If you have more questions around Access Control, Secure Development, Data Security, or any other security-related questions, please email us at info@mailbutler.io or via our postal address below: Mailbutler GmbH Welserstr. 10-12 10777 Berlin Germany

Changes

We are constantly improving our Services, so these Terms may need to change along with the Services. We reserve the right, at our sole discretion, to modify or replace these Terms at any time. We reserve the right to change the Terms at any time. If a revision is material we will try to provide at least 30 days notice prior to any new terms taking effect. We will bring it to your attention by placing a notice on the Mailbutler website, and/or by sending you an email, and/or by some other means. What constitutes a material change will be determined at our sole discretion. If you don’t agree with the new Terms, you are free to reject them; unfortunately, that means you will no longer be able to use the Services. If you use the Services in any way after a change to the Terms is effective, that means you agree to all of the changes.

Last Updated: 29th July, 2019