Trust center
Transparency is our policy
We understand that you must be able to entrust your chosen marketing automation provider with one of your most valuable assets - data. To gain that trust, we continue to invest in technology and resources to build security and privacy into our platform. We operate a policy of transparency and aim to provide you with the information you need to feel confident in using Engagement Cloud.
Global presence
The dotdigital platform is currently hosted in three different regions across the globe. Clients can choose from our Europe, USA, and Australia instances. Data is held within your chosen region, allowing our customers to achieve higher performance and comply with local data protection requirements.
Learn about Privacy and the GDPR
Click hereKeeping you up to date
Need-to-know information, whenever you need it
Platform status
Our current system status is available at status.dotdigital.com. Here you can subscribe via Twitter, email, or SMS for as-they-happen notifications to service incidents. You can also browse through past incident history.
We also provide a scheduled maintenance calendar of upcoming planned improvements affecting the platform.
Multi-service uptime reports
We provide a detailed, fully transparent view of platform service over time, country, and function on our dedicated site uptime.dotdigital.com.
Our uptime tracking is like no other. It doesn't just show you the uptime statistics of our web interface; you can also track the availability and performance of our campaign imagery, API, tracking services and surveys, as well as our integrated solution connectors.
Resources
Confirmation of our Cyber Essentials Plus accreditation can be found on the Cyber Essentials web site.
If you think you have found a vulnerability, please contact security@dotdigital.com.
Industry-leading security and infrastructure
Our infrastructure team
We've worked hard to ensure our infrastructure and the team behind it are world-class. We move quickly, with continuous investment in new hardware and solutions. This is all backed up by our information security and data management policies, giving you the confidence to grow.
- We are Cyber Essentials Plus Certified
- We use secure data centres within the EU or in the US depending on your region. All hold a broad set of industry standard accreditations such as ISO27001 and ISO9001.
- Our data centres are connected to the internet with redundant internet links and bandwidth can be easily upgraded on requirement.
- There is redundancy at every component and service level, as well as spare capacity, so we can scale our servers on demand. This means dotmailer can continue to run for prolonged periods even after experiencing major component failures, and we don't run out of space.
- All new dotmailer employees are DBS checked
- Our infrastructure is protected by firewall clusters and all management access requires two-factor authentication.
- We make use of leading cloud providers and content distribution networks to host our email images.
- Virus scan technology is implemented throughout our infrastructure.
- Annual independent security assessments are performed.
- An ongoing vulnerability scanning, and management program is in place.
- Machines are built from approved hardened images and verified in third party security assessments.
- A monthly patching cycle is in place to insure the latest security updates have been applied
- We have restore points for critical data taken every 5 minutes. Backup data is securely kept at same geographic regions, yet sufficiently distant to ensure data is not lost in the event of a disaster, whilst complying with local data protection regulation.
- We employ skilled information security and data privacy specialists in our team to ensure security is always a priority.
- EU Model Contracts are in place between dotmailer and its subsidiaries, as well as subcontractors processing data.
- Role based permissions are used to control staff access to systems and data.
- Management access to infrastructure is tightly controlled and employs multi-factor authentication protection.
Protection of our platform
Engagement Cloud employs various encryption, authentication, and verification techniques throughout the sign-up, campaign set-up, build, and sending process.
- Data is transferred over TLS.
- The platform employs anti-DoS and DDoS technology.
- Access to the platform is through a web form login with optional two-factor authentication.
- All users of the dotmailer platform are required to change their passwords every 90 days.
- Passwords are one-way hashed.
- Our web login page and API enforces rate limiting to protect against brute force attacks.
- Your account access rights (import, export, read, write and send) are configurable to your needs and managed by your administrator user.
- All your users are set up in the platform by your administrator user. Verification is by email and SMS.
- All data is virus scanned when uploaded to the platform.
- Our Watchdog service constantly monitors customer contact uploads. If these change from a usual pattern it automatically stops uploading. This process also protects our customers from sending to spam traps that can affect delivery.
- Emails campaigns are sent using opportunistic TLS, using authentication and validation systems such as DKIM and DMARC
- Payment processes are fully PCI-DSS compliant
- Campaign links are checked against lists of high-risk domains to prevent malicious use of the platform.
Learn about Brexit and dotdigital Engagement Cloud
Click hereThird party service partners and data processors
Local services, global solutions
EU-based storage
The dotdigital Engagement Cloud platform employs the use of Cloud Service Providers in order to provide a responsive and scalable service. To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used. Contracts including security requirements are in place, including Data processing Agreements, and EU Model Contracts.
The core Engagement Cloud platform is hosted on Microsoft Azure infrastructure. This is where all data uploaded to the platform will be stored, and where campaign and campaign reporting data will be collected. The Google Cloud platform is also used for some of dotmailer’s more processing intensive features such as Insight Data. In both instances, client data remains in the same region. In Europe, our primary Microsoft facilities are in The Netherlands, with data being backed up to a secondary Microsoft Facility in Ireland. Data stored on Googles infrastructure is spread across their Europe region, which currently consists of London, Belgium, Frankfurt, Finland and The Netherlands.
Maintained support
In order to maintain a stable platform, it may become necessary in certain circumstances to permit system access to Dell, Microsoft, and its agents.
Service Partners
Microsoft Azure
For the provision of the dotdigital service, including storage of customer data. Azure conforms to many international and industry-specific compliance standards. More information can be found on Azure’s Trust Center.
Cloudflare
For Content Delivery Network (CDN) and web proxy services. More information can be found on Cloudflare's Privacy & Security page.
Amazon Web Services
For provision of supporting network services and client image storage. AWS conforms to many international and industry-specific compliance standards. More information can be found on AWS's compliance page.
Google Cloud Platform
For the provision of the dotdigital service including storage of customer data. Google conforms to many international and industry-specific compliance standards. More information can be found on Google Cloud Platform's Security page.
GGR Communications
Used for network management and inter-data center connectivity. Interxion Data Center Space for our email delivery services. GTT Internet connectivity for our email delivery services. Zayo Internet connectivity for our email delivery services. MagneticOne Suppliers of integration platforms for clients wanting to link their dotdigital account to supported third party e-commerce systems.
Interxion
Data Center Space for our email delivery services.
GTT
Internet connectivity for our email delivery services.
Zayo
Internet connectivity for our email delivery services.
MagneticOne
Suppliers of integration platforms for clients wanting to link their dotdigital account to supported third party e-commerce systems.
US-based storage
The dotdigital Engagement Cloud platform employs the use of Cloud Service Providers in order to provide a responsive and scalable service. To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used. Contracts including security requirements are in place, including Data processing Agreements, and EU Model Contracts.
The core Engagement Cloud platform is hosted on Microsoft Azure infrastructure. This is where all data uploaded to the platform will be stored, and where campaign and campaign reporting data will be collected. The Google Cloud platform is also used for some of dotmailer’s more processing intensive features such as Insight Data. In both instances, client data remains in the same region. In the US our primary Microsoft facilities are in the East US 2 region, with data backed up to the Central US region. Data stored on Googles infrastructure is spread across their Americas region, which currently consists of Oregon, Los Angeles, Iowa, South Carolina, N. Virginia, Montréal, and São Paulo.
Maintained support
In order to maintain a stable platform, it may become necessary in certain circumstances to permit supervised system access to Dell, Microsoft and its agents.
Service Partners
Microsoft Azure
For the provision of the dotdigital service including storage of customer data. Azure conforms to many international and industry specific compliance standards. More information can be found on Azure’s Trust Center.
Cloudflare
For Content Delivery Network (CDN) and web proxy services. More information can be found on Cloudflare's Privacy & Security page.
Amazon Web Services
For provision of supporting network services and client image storage . AWS conforms to many international and industry-specific compliance standards. More information can be found on AWS's compliance page.
Google Cloud Platform
For the provision of the dotdigital service including storage of customer data. Google conforms to many international and industry specific compliance standards. More information can be found on Google Cloud Platform's Security page.
GGR Communications
Used for network management and inter-data center connectivity.
GTT
Internet connectivity for our email delivery services.
Markley Group
Data center space for our email delivery services.
Zayo Group
Internet connectivity for our email delivery services.
MagneticOne
Suppliers of integration platforms for clients wanting to link their dotdigital account to supported third party e-commerce systems.
Australia-based storage
The dotdigital Engagement Cloud platform employs the use of Cloud Service Providers in order to provide a responsive and scalable service. To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used. Contracts including security requirements are in place, including Data processing Agreements, and EU Model Contracts.
The core Engagement Cloud platform is hosted on Microsoft Azure infrastructure. This is where all data uploaded to the platform will be stored, and where campaign and campaign reporting data will be collected. The Google Cloud platform is also used for some of dotmailer’s more processing intensive features such as Insight Data. In both instances, client data remains in the same region. In the APAC region our primary Microsoft facilities are in the Australia East region, with data backed up to the Australia Southeast region. Data stored on Googles infrastructure is stored in Australia (Sydney).
Maintained support
In order to maintain a stable platform, it may become necessary in certain circumstances to permit supervised system access to Dell, Microsoft and its agents.
Service Partners
Microsoft Azure
For the provision of the dotdigital service including storage of customer data. Azure conforms to many international and industry specific compliance standards. More information can be found on Azure’s Trust Center.
Cloudflare
For Content Delivery Network (CDN) and web proxy services. More information can be found on Cloudflare's Privacy & Security page.
Amazon Web Services
For provision of supporting network services and client image storage . AWS conforms to many international and industry-specific compliance standards. More information can be found on AWS's compliance page.
Google Cloud Platform
For the provision of the dotdigital service including storage of customer data. Google conforms to many international and industry specific compliance standards. More information can be found on Google Cloud Platform's Security page.
GGR Communications
Used for network management and inter-data center connectivity.
Webqem
Data Centre space and internet connectivity for email delivery services
MagneticOne
Suppliers of integration platforms for clients wanting to link their dotdigital account to supported third party e-commerce systems.
