Trust center

Transparency is our policy

We understand that you must be able to entrust your chosen marketing automation provider with one of your most valuable assets – data. To gain that trust, we continue to invest in technology and resources to build security and privacy into our platform. We operate a policy of transparency and aim to provide you with the information you need to feel confident in using Engagement Cloud.

Global presence

The dotdigital platform is currently hosted in three different regions across the globe.  Clients can choose from our Europe, USA, and Australia instances. Data is held within your chosen region, allowing our customers to achieve higher performance and comply with local data protection requirements.

Our infrastructure team

We’ve worked hard to ensure our infrastructure and the team behind it are world-class. We move quickly, with continuous investment in new hardware and solutions. This is all backed up by our information security and data management policies, giving you the confidence to grow.

• We are Cyber Essentials Plus Certified
• We use secure data centres within the EU, USA, or Australia.  Your account will be homed to one of these regions depending on your location. All hold a broad set of industry standard accreditations such as ISO27001 and ISO9001
• Our data centres are connected to the internet with redundant internet links and bandwidth can be easily upgraded on requirement.
• There is redundancy at every component and service level, as well as spare capacity, so we can scale our servers on demand. This means dotdigital can continue to run for prolonged periods even after experiencing major component failures, and we don’t run out of space.
• New dotdigital employees are DBS checked
• Our infrastructure is protected by firewall clusters and all management access requires two-factor authentication.
• We make use of leading cloud providers and content distribution networks to host our email images.
• Virus scan technology is implemented throughout our infrastructure.
• Annual independent security assessments are performed.
• An ongoing vulnerability scanning, and management program is in place.
• Machines are built from approved hardened images and verified in third party security assessments.
• A monthly patching cycle is in place to insure the latest security updates have been applied
• We have restore points for critical data taken every 5 minutes. Backup data is securely kept at same geographic regions, yet sufficiently distant to ensure data is not lost in the event of a disaster, whilst complying with local data protection regulation.
• We employ skilled information security and data privacy specialists in our team to ensure security is always a priority.
• EU Model Contracts are in place between dotdigital and its subsidiaries, as well as subcontractors processing data.
• Role based permissions are used to control staff access to systems and data.
• Management access to infrastructure is tightly controlled and employs multi-factor authentication protection.

Protection of our platform

Engagement Cloud employs various encryption, authentication, and verification techniques throughout the sign-up, campaign set-up, build, and sending process.

• Data is transferred over TLS.
• Data is secured at rest using AES encryption.
• The platform employs anti-DoS and DDoS technology.
• Access to the platform is through a web form login with optional two-factor authentication.
• All users of the dotdigital platform are required to change their passwords every 90 days.
• Passwords are one-way hashed.
• Our web login page and API enforces rate limiting to protect against brute force attacks.
• Your account access rights (import, export, read, write and send) are configurable to your needs and managed by your administrator user.
• All your users are set up in the platform by your administrator user. Verification is by email and SMS.
• All data is virus scanned when uploaded to the platform.
• Our Watchdog service constantly monitors customer contact uploads. If these change from a usual pattern it automatically stops uploading. This process also protects our customers from sending to spam traps that can affect delivery.
• Emails campaigns are sent using opportunistic TLS, using authentication and validation systems such as DKIM and DMARC
• Payment processes are fully PCI-DSS compliant
• Campaign links are checked against lists of high-risk domains to prevent malicious use of the platform.

The dotdigital Engagement Cloud platform employs the use of Cloud Service Providers in order to provide a responsive and scalable service.  To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used.  Contracts including security requirements are in place, including Data processing Agreements, and EU Model Contracts.

​Microsoft Azure, and the Google Cloud Platform is used to host infrastructure that powers the dotdigital Engagement Cloud.  Depending on the location of your account, data will be stored in one of 3 regions.

1. The Engagement Cloud EU region utilises the Microsoft Azure North and West Europe facilities, and Google’s Europe region.
2. The Engagement Cloud US region utilises the Microsoft Azure Central US, and East US 2 facilities, and Google’s Americas region.
3. The Engagement Cloud Australia region utilises the Microsoft Azure Australia East. and Australia SouthEast facilities, and Google’s Sydney facility.

For more information on the physical locations of these facilities please refer to these Microsoft and Google articles.

NOTE: The Live Chat and SMS features are powered by aforementioned infrastructure hosted in the EU.  Clients in all regions are able to enable these features, but should be aware that data collected and used by these features will be stored and processed in the EU.

Maintained support

In order to maintain a stable platform, it may become necessary in certain circumstances to permit system access to Dell, Microsoft, and its agents.