Data Security at FreshAddress
Our processes and services comply with the strictest of data standards, including Europe’s General Data Protection Regulation (GDPR). The security of your data is our top priority, and we proudly provide services to over 25% of the Fortune 100.
Overall Security Safeguards
- All data we process is encrypted in transit and at rest.
- All data is stored and processed ‘blind’ (i.e., each file is processed as a job number rather than by company name).
- We have external third-party audits, penetration tests, and application security tests performed on an annual basis.
- We operate firewalls with built-in intrusion detection and data loss prevention.
- All our staff have passed background checks, receive routine security training, have signed Confidentiality Agreements, utilize unique system identifiers, and conform to a strict password policy.
- Code reviews and vulnerability scans are performed monthly.
- Operating systems and software are automatically patched daily.
- Our antivirus and anti-malware signatures are updated hourly.
We offer multiple ways to transfer your data to us securely, and your results will be returned through the same secure channels.
- Our Client Portal and API utilize HTTPS, meaning the communication is encrypted with a 2048-bit SSL certificate (TLS 1.2).
- You can transmit your file via PGP encryption to your company’s dedicated account on our secure FTPS
All data is processed in the United States.
- Batch processing is performed on our own equipment in the FreshAddress datacenter in Massachusetts.
- Real-Time services are hosted within Amazon Web Services in Virginia.
All servers and storage devices are encrypted to keep your data safe. All data is stored on a segmented portion of our internal network and only accessible to staff who will perform the service.
We back up all data locally and replicate a copy to an encrypted storage vault via an encrypted connection within Microsoft Azure. This storage vault is in the Microsoft Data Center in Illinois.
We maintain a record of all processing activity. All data is available to clients through their Client Portal or by request. We have the ability to help all clients validate, update, or remove data for any user that has requested them to do so.
By default, we destroy all data 90 days after the completion and payment of services. Clients with specific retention needs can configure a custom data destruction timeframe within their Client Portal Accounts.
Additionally, our Real-Time service supports the option for immediate anonymization of all logs. This sanitization is enabled by default for all EU-based clients and can be configured within the Client Portal for any other client.
Lastly, we have the ability to suppress any user data on a client or global level. Any email address that appears on a suppression list will be flagged for removal.
If you have any questions or you’d like more detail on any of the above, please do not hesitate to contact the FreshAddress List Processing Team either via email or at 617.965.4500 x 222.
Data Processing Addendum
For customers who are sending data to FreshAddress for processing and need to be compliant with GDPR, please download, sign, and return a copy of our DPA here. Return a signed copy to firstname.lastname@example.org or fax to 617.965.4551.