MailerLite Trust Page

Our services are hosted by trusted and certified data storage centers that are located in the European Union (Germany and the Netherlands) and are certified to ISO/IEC 27001:2022. You can rest assured that your and your subscribers’ data is safe with us because our data center provides all the necessary security measures for data protection and processing.

We employ multiple layers of network security. Our infrastructure is protected by firewalls. All network traffic is monitored for suspicious activity.

We monitor our cloud environment through a multi-layered approach to ensure security and compliance. This involves continuous automated scanning for misconfigurations, real-time threat detection using advanced security analytics, and regular audits against industry standards.

We follow secure coding best practices throughout the development lifecycle. This includes security requirements in the design phase, peer code reviews, and automated security testing integrated into our CI/CD pipeline.

We regularly scan our applications and infrastructure for vulnerabilities using industry-leading tools. Identified vulnerabilities are tracked, prioritized, and remediated based on severity.

We engage independent, third-party security firms to conduct regular penetration tests of our applications and infrastructure to identify and address potential security weaknesses.

We use a top-tier Single Sign-On (SSO) solution to centralize authentication across all our tools, providing a unified and secure access point. This approach strengthens our security through enforced two-factor authentication (2FA) and reduces the risk of password-related issues for team members. It also improves efficiency for our IT and security teams by making it easier to manage user accounts, including automatic provisioning and the deactivation of unused accounts.

We have implemented and continually improved an Information Security Management System (ISMS) to ensure proper information protection, manage risks and ensure business continuity following the requirements of the ISO/IEC 27001:2022 standard. ISMS is aligned with the needs and expectations of the clients and other stakeholders.

We maintain a comprehensive set of information security policies and standards that are approved by management, published, and communicated to all team members and relevant external parties.

Choosing the right security controls would be impossible without first understanding our unique risks. That's why at MailerLite, risk management drives our entire security program. By identifying potential threats and vulnerabilities and analyzing their likelihood and impact, we can make informed, data-driven decisions about which security controls to implement. This ensures our defenses are always proportional to the risks we face. The process is continuous, with regular updates to risk assessments and an annual review.

We believe it's crucial to confirm that our controls are performing as expected. Our annual and internal audit programs are designed not only to catch and fix problems quickly but also to proactively identify areas for continual enhancement. The outcomes of these audits are formally reported to senior leadership, ensuring they are integrated into our overall information security oversight.

Access to sensitive data and systems is strictly controlled based on the principle of least privilege. We enforce strong password policies, require multi-factor authentication (MFA) for all team members, and conduct regular access reviews.

To protect company data, all of our corporate-managed devices are fully encrypted, rendering the data on them inaccessible if lost. Furthermore, every device is enrolled in our management platform, giving our management team central control. This allows us to enforce security policies and system updates, and critically, gives us the power to remotely disable or erase a device in the event of loss or a security breach.

We expect our vendors to uphold the same high standards of information security that we maintain internally—especially when they have access to customer data. To ensure this, we apply rigorous security requirements tailored to each vendor's risk level to our operations and customers.

All new hires receive security and data privacy training during their initial onboarding process. This foundational step ensures every team member, regardless of their role, understands their personal responsibility in protecting company and customer data from day one.

We cultivate a strong security culture through a continuous awareness program for all company team members. Our training features dynamic content specifically tailored to MailerLite's unique information security landscape. This ongoing education is reinforced with regular phishing and spear-phishing simulations to ensure our team’s vigilance against emerging threats.

We have dedicated personnel to manage and monitor all our services and infrastructure 24/7. Our team focuses on the network, system security and has incident management procedures.