Customer Security Statement

Customer Security Statement

The following statements represent the intended features that will be available in Esendex Connect Release 5.  This is suggested content from Tech and Compliance teams, which will require review and changes by Product, Marketing, Esendex Connect Upgrades and Legal before being suitable for publication.

Technical Security Measures

We host our applications in Microsoft Azure, using multiple resilient datacentres across regional instances.  These sites are operated to exacting physical security standards, ensuring that only authorised personnel can gain access to the premises, with access logged and monitored 24x7x365.

We have designed our platform using modern failover and redundancy techniques, coupled with robust Backup and Disaster Recovery technology, to ensure high availability at all times.

All personal data is encrypted at rest, and encrypted in transit in and out of our platform to minimum TLS 1.2 or above standard.

To ensure we deploy the highest quality of security embedded into our applications, we train our engineering team in secure coding practices such as OWASP industry recommendations, as well as testing throughout the software delivery lifecycle for any security risks.  We also regularly use independent penetration test partners to identify any security risks.

To ensure no unauthorised access is obtained to the platform, we operate strong firewalling, continuous intrusion detection and prevention (IDP) monitoring, and strict role-based access controls (RBAC) on the basis of least privilege.

Our operational and security teams work around the clock every day of the year to monitor and respond to the most critical alerts and issues.

We offer an availability service level agreement (ASLA) of 99.90%, and commit to responding to all priority 1 incidents within 60 minutes of contact.

Our service management process underpins all that we do, and ensures that we deliver best-in class processes and people to manage incidents and deliver changes safely and successfully.

Security Policy and Governance

We minimise staff access to the platform based on role and least privilege access.  All staff that work on our platform are subject to rigorous background checks, are party to confidentiality agreements and undergo annual security training.

Our information security management system (ISMS) policies ensure that the company operates with an end-to-end security mindset. This includes the secure storage, deletion and disposal of customer data, as well as physical security and access controls. 

The suppliers we work with to help deliver service on the platform have been carefully selected, and undergo careful screening and review via our third party risk management process.  For the list of suppliers who process, store or transmit messaging data, or provide services within environments where customer messaging data is processed, please see our subprocessors page.

We also pride ourselves on our anti-fraud processes, which aim to prevent and detect any potential misuse of our platform, and deliver a high level of assurance for both our customers and suppliers with our customers and suppliers.

Hosting and Processing Locations

To enable us to provide data sovereignty capabilities for our customers, we will process and host your messaging data in regional instances of Connect .

If you are a customer located in the UK, your data will be processed and stored in Connect in the UK.

If you are a customer located in the EU, your data will be processed and stored in Connect in the EU.

For further information on which legal entity you are contracting with, please see the Terms of Service.

Accreditations and Standards

Our service has been designed in compliance with international security standards including ISO 27001 as well as adhering to all relevant regulatory requirements such as GDPR.

In the UK, the Connect platform is also certified to Cyber Essentials and NHS DSPT. Also for our UK customers, whilst we do not process payments directly on your behalf, on behalf of our customers, we do use a trusted partner who is accredited to PCI DSS Level 1 standards to protect sensitive financial data.

Support

You can contact us via phone, email and chat between 08:30 and 17:30, Monday to Friday excluding UK Public Holidays.

Last Updated August 2025