Data Protection Impact Assessment (DPIA)

As required by the regulation (GDPR), our infrastructure and security policies have undergone a preliminary adequacy and data protection impact assessment. These assessments are repeated at regular intervals so that compliance with the highest data protection standards is maintained over time, not only at the initial review.

Data Centers Located in Europe

To safeguard the confidentiality, integrity, and availability of data, the MailSenpai platform relies on servers hosted in physical data centers located within the European Union (providers such as Hetzner, Aruba and Register). Our personnel reach these servers through a virtual private network (VPN).

Data Loss Prevention (DLP)

MailSenpai recognizes that data loss prevention measures are crucial in preventing the unauthorized disclosure of sensitive information. We have therefore implemented a set of technical and organizational measures that protect customer data from unauthorized access and apply security controls to authorized access that are proportionate to the nature of the data being processed.

Mitigation Techniques and Service Availability

The infrastructures hosting the servers used by MailSenpai are designed to withstand Distributed Denial of Service (DDoS) attacks: they include systems that anticipate, block, and mitigate most attacks, and the measures in place are sized to protect against large-scale volumetric DDoS campaigns.

Encryption

At the application level, customer database data is encrypted at rest. Data in transit over the Internet or over internal networks is exposed to interception, so protecting it is a high priority. We use TLS (the successor to SSL) to secure communications. In a TLS connection the handshake uses public-key cryptography to authenticate the server and agree on a fresh session key; the session data is then encrypted with a symmetric cipher using that key, and a message authentication code or authenticated cipher mode protects its integrity. The symmetric cipher we use within TLS is AES-256.
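
As an added example that is not part of MailSenpai's documentation or code, the following Go program illustrates both halves of the paragraph above: application-level encryption at rest with AES-256-GCM, and a server TLS configuration that refuses SSL and TLS 1.0/1.1 and, for TLS 1.2, negotiates only forward-secret suites with AES-256-GCM. The tenant identifier, the sample e-mail address and the demo key derivation are constructed for the example; in a real deployment the key comes from a key-management service or HSM and is never stored in the database it protects.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"errors"
	"fmt"
)

// Record is one encrypted database field. The nonce is stored next to the
// ciphertext; it is not secret, but it must never repeat under the same key.
type Record struct {
	TenantID   string
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output; the last 16 bytes are the auth tag
}

// newGCM builds an AES-256-GCM AEAD and rejects keys of any other size, so a
// 16-byte key cannot silently downgrade the scheme to AES-128.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a field with AES-256-GCM and a fresh random nonce. The tenant
// ID is passed as additional authenticated data, so the ciphertext only opens
// in the context of the tenant it was written for (data segregation per customer).
func Encrypt(key []byte, tenantID string, plaintext []byte) (Record, error) {
	aead, err := newGCM(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(tenantID))
	return Record{TenantID: tenantID, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt opens a record for the given tenant. Any modification of the
// ciphertext, nonce or tenant ID fails the GCM tag check and returns an error
// instead of garbage plaintext.
func Decrypt(key []byte, tenantID string, rec Record) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, rec.Nonce, rec.Ciphertext, []byte(tenantID))
}

// ServerTLSConfig rejects SSL and TLS 1.0/1.1 outright and, for TLS 1.2,
// admits only forward-secret ECDHE suites with AES-256-GCM. TLS 1.3 suites
// are not configurable in Go and are all authenticated (AEAD) ciphers.
func ServerTLSConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		},
	}
}

// demoKey derives a 32-byte key from a fixed string. Constructed for this
// example only; production keys come from a KMS or HSM.
func demoKey(seed string) []byte {
	sum := sha256.Sum256([]byte(seed))
	return sum[:]
}

func main() {
	key := demoKey("example-only-do-not-use")
	rec, err := Encrypt(key, "tenant-42", []byte("mario.rossi@example.com"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(key, "tenant-42", rec)
	fmt.Printf("same tenant:  %q err=%v\n", pt, err)
	_, err = Decrypt(key, "tenant-99", rec) // wrong AAD: tag check fails
	fmt.Printf("other tenant: err=%v\n", err)
	rec.Ciphertext[0] ^= 0x01 // flip one bit of the stored ciphertext
	_, err = Decrypt(key, "tenant-42", rec)
	fmt.Printf("tampered:     err=%v\n", err)
}
```

The point of binding the tenant ID as AAD is that a ciphertext copied into another customer's row, or restored from a backup into the wrong account, fails authentication rather than decrypting; the same tag check is what turns a flipped bit in storage into an error instead of silently corrupted data.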

Threat Protection

  • Regular, automated checks that servers are up to date, with the latest security patches installed.

  • Advanced email scanning that detects viruses and spoofing (forged sender addresses), backed by a strict anti-spam policy.

  • Detection and blocking of malicious files within our internal network using antivirus and proxy systems.

  • Anti-phishing analysis tools and advanced threat protection against spear-phishing attacks.

Multi-Factor Authentication and Firewalls

  • Multi-factor authentication (MFA) requires two or more independent verification factors, adding a layer of protection to system administrator accounts beyond the password alone.

  • Multiple network firewalls protect the corporate infrastructure.

  • Web application firewalls and Intrusion Detection Systems (IDS) monitor IT resources and detect network or host-level attacks. An IDS acts as an alarm system: it analyses traffic in depth and flags suspicious activity.

Monitoring and Access Control

  • Extensive visibility on API calls.

  • Log aggregation options to optimize investigations and compliance reporting.

  • Definition, enforcement, and management of user access policies across all services.

  • Monitoring of suspicious access to detect possible intrusions.

  • Configurable alert notifications when thresholds are exceeded or specific events occur.

  • Employee access rights and levels are based on job functions and responsibilities, following the “least privilege” and “need-to-know” principles.

  • Requests for deeper access follow a procedure requiring approval from data/system owners, managers, or other executives based on established security criteria.

Vulnerability Assessment

MailSenpai regularly conducts security penetration tests.

Incident Management

The adopted incident management process for security events affecting confidentiality, integrity, or availability of systems or data follows a priority-based approach according to the severity of the incident. Higher priority is given to events with a direct impact on customers.

Physical Security of Data Centers

The data centers of the service providers hosting MailSenpai’s servers adhere to high-security measures.

Availability and Integrity of Personal Data

To ensure data availability in case of hardware failure, critical servers are backed up daily. MailSenpai retains customer database backups for the period specified in the data retention policy and then deletes them securely. Backups are regularly verified, organized so that each customer's data remains segregated, and encrypted.

Asset Management

All physical and logical assets are regularly monitored.

MailSenpai applies stringent operational procedures for asset management, ensuring their proper use and functionality throughout their lifecycle—from acquisition to software installation and verification, up to decommissioning and possible destruction.

Secure Development

MailSenpai applications comply with OWASP guidelines for secure coding and Data Protection by Design principles. All development personnel undergo continuous training on best practices derived from leading industry standards.

Training

MailSenpai provides all employees with the necessary tools for professional growth.

Data Classification

MailSenpai classifies data and information based on confidentiality, availability, traceability, and integrity requirements, in accordance with leading information security standards.

Risk Assessment

Specific corporate procedures are in place to assess risks related to major cybersecurity threats. A risk-based approach is pursued in every operational area.

Supplier Management

We continuously monitor our suppliers and third parties. A risk assessment is conducted on suppliers to verify their technical and organizational measures. This evaluation complies with Article 28 of the GDPR for data processing conducted by designated Data Processors. Supplier agreements are regularly reviewed and monitored to ensure compliance with service level agreements (SLA).

Document updated as of March 20, 2020.