Our processes and services comply with the strictest of data standards, including Europe’s General Data Protection Regulation (GDPR). The security of your data is our top priority, and we proudly provide services to over 25% of the Fortune 100.

Overall Security Safeguards


  • All data is stored and processed ‘blind’ (e., each file is processed as a job number rather than by company name).

  • All data we process is encrypted in transit and at rest.

  • We have external third-party audits, penetration tests, and application security tests performed on an annual basis.

  • We operate firewalls with built-in intrusion detection and data loss prevention.

  • All our staff have passed background checks, receive routine security training, have signed Confidentiality Agreements, utilize unique system identifiers, and conform to a strict password policy.

  • Code reviews and vulnerability scans are performed monthly.

  • Operating systems and software are automatically patched daily and our antivirus and anti-malware signatures are updated hourly.

Data Backup 

We backup all data locally and replicate a copy to an encrypted storage vault via an encrypted connection within Microsoft Azure.  This storage vault is in the Microsoft Data Center in Illinois.

Data Destruction

By default, we destroy all data 90 days after the completion and payment of services. Clients with specific retention needs can configure a custom data destruction timeframe within their Client Portal Accounts.

Additionally, our Real-Time service supports the option for immediate anonymization of all logs.  This sanitization is enabled by default for all EU-based clients and can be configured within the Client Portal for any other client.

Lastly, we have the ability to suppress any user data on a client or global level.  Any email address that appears on a suppression list will be flagged for removal.

If you have any questions or you’d like more detail on any of the above, please do not hesitate to contact the FreshAddress List Processing Team either via email or at 617.965.4500 x 222.

Data Processing Addendum

For customers who are sending data to FreshAddress for processing and need to be compliant with GDPR please download, sign, and return a copy of our DPA here.  Return a signed copy to security@freshaddress.com or fax to 617.965.4551.