EN
API DOCS Email API & Cloud SMTP Pricing Blog

Scope and Purpose of Personal Data Processing

Detailed List of Primary Data Processors

The service provided by Cloudflare, Inc. to Vercom S.A. includes the Web Application Firewall (WAF). The incorporation of WAF into Vercom's services aims to enhance the security of services provided by Vercom to the company's clients.

Vercom has ensured appropriate provisions in the agreement, including, among others:

  • Inclusion of the Data Localization Suite (DLS) option for the WAF service – through DLS, information processed by Vercom as part of the services remains within the European Union;

  • Inclusion of the EU Customer Metadata Boundary option for the WAF service – ensuring that data processed by Vercom for Vercom's clients will not be transmitted outside the European Union.

FAQ

Does Emaillabs have a DPA for their client?

Yes, please find the agreement template here.

Does Emailabs have cloud email services?

The SMTP server is provided to the Client by a virtual server separated from the physical server belonging to VERCOM, to which is assigned the IP address used for sending e-mail messages. The SMTP server can be shared or dedicated to the client. it is always a VPS (Virtual Private Server).

Diagram of the technical structure of the EmailLabs Service:

I. "Sending" part

The main functionality of the EmailLabs Service is the possibility of mass sending e-mail messages to the address database specified by the customer.

II. Database part

It includes the processing of data on a completed email sent. The data is logically separated.

Therefore, it should be stated that the data contained in e-mail messages sent using the EmailLabs Service are processed on servers belonging to VERCOM.

In the case of backups, the data is encrypted (and stored in this form on servers provided by third parties.

Do you process data outside European Union?

Vercom declares that the Processing of Personal Data shall be performed in the territory of the European Union or the European Economic Area, unless the obligation to transfer the Personal Data to the third country, in the meaning of the GPDR, derives from the Law

What the data processing process at EmailLabs looks like?

The processing of entrusted data (in the context of the GDPR) distinguishes:

  1. Data in transit: data is encrypted with SSL.

  1. Data at rest: we store only the e-mail addresses of e-mail recipients (e-mail logs in the panel). This data is not encrypted due to the computational overhead of processing such databases. However, in 2024 Quarter 1 there will be a functionality of data anonymization.

IS 2FA method available?

Yes, the panel has the ability to manage users and various access levels.

Does user panel has a managing access levels for different users?

Yes, the panel has the ability to manage users and various access levels.

Is there data anonymization available?

Yes, the injected status is processed in the database and a log is saved with the anonymous TO address.

When the final email status is processed (OK, hard bounce, dropped, etc.), the status is saved to the database and the server logs are also anonymized in a similar way to the logs in the database.

Anonymization could involve, for example, leaving the first character and domain, e.g. instead of "john.walk@abcabc.pl" it would be "j***********@abcabc.pl". On the customer’s side, the log of such an email would be precisely identifiable by the message_id.

What are system backups look like?

System backups (for the purpose of possible loss of operational data, and system recovery) are encrypted with a number of encryption (including AES256) and compression algorithms, entirely on our side and transferred to our backup servers in CPD. All our CPDs are located ONLY within the EEA.

PreviousEmailLabs Safety CenterNextCloudflare

Last updated