No results were found...

Security Statement

MailerLite is committed to maintaining the highest operational standards in systems and processes to protect personal data in accordance with good industry practice. At MailerLite, we know that security is crucial to you and it is the reason why we are using industry-best standards and it is our top priority. For your information, we have provided the main aspects of our security practices below.

Data Protection

Our team works hard to ensure compliance with the international law requirements. MailerLite takes reasonable precautions, technical and organizational security measures to ensure a level of security appropriate to the risk, follows industry best practices in order to protect your data from any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to information, and to preserve the security and confidentiality of the data. The implementation of the security layers protects user information using both server authentication and data encryption, ensuring that user data is safe, secure and available only to authorized persons. All personnel employed in data processing have committed themselves to confidentiality and are instructed regarding confidentiality accordingly. However, despite best efforts, no method is perfectly secure. We cannot guarantee absolute security.


Our services are hosted by a trusted and certified data storage center that is located in the European Union. Our data storage center has information storage security certificate (ISO 27001). You can rest assured that your and your subscriber’s data is safe with us because our data center provides all the necessary security measures for data protection and processing.

Passwords and credit card information are always sent over secure, encrypted Secure Sockets Layer (SSL) connections. All payment information provided to MailerLite is passed directly to its payment processors, and MailerLite does not have access to it; MailerLite does not need to be PCI compliant. Our payment processing vendors are Payment Card Industry Data Security Standard (PCI-DSS) compliant.

MailerLite, Inc., providing services to the customers outside of the European Economic Area (EEA), United Kingdom, and Switzerland, holds the certification developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration affirming its adherence to the Data Privacy Framework principles to ensure the secure collection, processing, utilization, and retention of personal data transfers from these regions to the US. To be specific, MailerLite, Inc. complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF), including the UK Extension to the EU-U.S. DPF. For further information please visit the DPF website here and MailerLite’s Privacy Policy here.

GDPR compliance

The MailerLite team worked hard and developed new features that helped us become GDPR-compliant. We have incorporated all the necessary controls and procedures for personal data processing security derived from the GDPR into our systems. You can find more information about the data we collect and how we do it in our Privacy Policy. Our clients can also review a Data Processing Addendum here.


We deploy industry-standard protection techniques to provide maximum security to our users. All servers and computers have industry standard anti-virus software installed, which is updated and continuously monitored to prevent unauthorized access to user data, network vulnerability scanning, network security monitoring, etc. We also make two-factor authentication available to our customers.

Organizational Security

MailerLite continuously maintains and monitors notifications, errors, logs and alerts on our services, and from all systems to identify and manage threats. Comprehensive security measures prohibit unauthorized access to data processing equipment. We also maintain internal information security policies, including incident response plans.

Data encryption

Data communications between the client and our application are protected via encrypted data channels HTTPS/TLS (Hyper Text Transfer Protocol Secure/Transport Layer Security) protocol. Data integrity is ensured by mirroring all data in two separate locations.

Dedicated security team

We have dedicated personnel to manage and monitor all our services and infrastructure 24/7. Our team focuses on the network, system security and has incident management procedure.

Your responsibilities

Keeping your data safe also depends on you ensuring that you preserve the security of your account, systems and personal information. You should use sufficiently complicated passwords and store them safely.


MailerLite reserves the right to change this Security Statement at any time. If we decide to change it, we will post these changes on this page so that you are always aware of how we ensure the security of your data. All changes are effective immediately upon posting.

Contacting MailerLite

If you have any questions about our data security, please contact us any time via this contact form.