Emarsys handles data related to the recipients of the emails which are generated and sent by the platform. This data is referred to as Personal Data (EU) and Personally Identifiable Information, or PII (USA). This page describes the flow of recipient-related data within Emarsys, with the focus on information security.
- Data flow
- Application security
- Infrastructure security
- Data exchange
- Data security
- Email security
This section describes the flow of data within Emarsys step by step. The accompanying diagrams are intended to provide a holistic view of the system architecture and the related processes.
Our software development process follows strict secure-coding principles.
The development team has a thorough understanding of the existing infrastructure components, which is necessary to ensure that a software deployment is operationally functional and does not weaken the security of any existing environment. Development teams also take part in regular security training. Application security engineers are involved in the development of each product, and go-live requires approval from Security.
All of our software development goes through internal security testing by Emarsys before undergoing independent assessment by external IT security firms that specialize in software and system security.
Emarsys production environments are hosted at high-security Tier 3+ data centers that conform to the ISO 27001 information security standard. To ensure continuity of service, the data centers provide the following:
- Secured electricity through uninterruptible power supply (UPS) units and backup generators
- 24/7/365 access control and surveillance
- Automatic fire detection and extinguishing system
- Redundant climate control and cooling systems
- High availability and guaranteed SLAs
The data centers are located in Vienna, Austria, approximately 10 km apart from each other.
Emarsys operates high-performance redundant firewall clusters which are kept up to date with automated security updates and are regularly performance-tuned.
Operating system security
Emarsys uses a managed environment built of UNIX operating systems which offer the highest levels of performance and stability. System updates are implemented regularly to ensure that all our systems always have the latest security patches, and all accounts are secured using keys and strong passwords. As an additional security measure direct root access has been disabled.
Each database server cluster is located in its own local subnet, and access to each subnet is tightly restricted so that only personnel with the correct authorization can reach it.
Maintenance and monitoring
All systems are maintained and monitored in accordance with manufacturers’ recommendations on a 24/7/365 basis. Monitoring includes:
- Ensuring system availability (hardware, services, applications and connectivity)
- Capacity monitoring
- Performing regular log file analysis (including servers and network devices)
- Implementing security updates
- Security monitoring
Emarsys, as a database product, allows synchronization of recipient data with customer systems. Demographic information can be synchronized into standard fields, while custom fields allow any additional information to be stored alongside each recipient. The following sub-chapters describe the methods for importing recipient information into the system.
Importing into Emarsys databases
By setting up automated imports, files stored on SFTP servers are automatically processed by the system and the changes are propagated into the Emarsys database (FTP servers are also permitted but are not recommended).
Emarsys provides a RESTful API to retrieve recipient information and update it. Customers can set up automated synchronization processes that work via the API.
Registration forms can be created to integrate easily with the database. They can be embedded into customers’ websites, allowing contacts to be created and updated directly from the website.
Contact data, as well as response data, can be exported from Emarsys. The exported file is either placed on the Emarsys web server on a password protected storage area or automatically uploaded to the customer’s SFTP server.
Emarsys’ Data Security Policies guarantee a strict separation of all customer data, especially Personal Data/PII. This section describes how such data is secured in each stage as it is processed by Emarsys, and focuses on the data retention time.
Storage of recipient data
Each customer receives their own set of tables in the database that hold information on recipients and actual launches. Since the data is logically separated, customers are not able to access each other’s data. The database is only accessible from inside our server farm, which is protected by our firewall, so the only way to reach it from the outside is through the application itself. The application implements password authentication, IP restriction, and two-factor authentication (time-based one-time passwords or SMS codes) in order to protect customer data. The application runs over HTTPS.
Customers may optionally encrypt their files with PGP for added security. When data is provided on a customer’s infrastructure, the application checks for new files at regular intervals and downloads them with the credentials provided by the customer.
Generation and sending of emails
The generation of the personalized emails, as well as their queuing for delivery, is handled in the Emarsys backend.
Tracking of recipient responses and mail reports
The tracked Recipient Response and Mail Report data is stored in the main database. Again, there are distinct tables per customer to guarantee a logical and physical separation of data.
Authorized administrators of a customer may export recipient and response data from the system. Delivery of the exported .csv files is done through Emarsys web servers (WebDAV) or a customer’s FTP/FTPS/SFTP server (SFTP being the preferred solution). When Emarsys provides the files on the web server, the link is emailed to an email address authorized by the customer and credentials must be provided when accessing the files. Optionally files can automatically be uploaded to the FTP/FTPS/SFTP server of the customer.
Data retention period
The data stored on Emarsys WebDAV is automatically deleted by Emarsys’ maintenance process after a pre-defined retention time. The maintenance process runs daily and identifies data that has exceeded its retention period.
By default, the data retention periods are:
- 7 days for the WebDAV Import folder.
- Data may optionally be removed by Emarsys from the customer’s FTP server after processing; otherwise it is the customer’s responsibility to remove it.
- All PII data which is stored in Emarsys databases is kept permanently in the main database and safeguarded by the mechanisms described above.
Emarsys uses the Transport Layer Security (TLS) encryption protocol to encrypt all emails sent through its infrastructure. This is the industry standard for email security and ensures that messages cannot be read by third parties while in transit. In a recent Transparency Report by Google, Emarsys was listed as one of only two European providers to use such encryption technology.
Emarsys provides encryption for data in transit on all public channels (SFTP, HTTPS API and user interface, WebDAV over HTTPS).
Request validation and authentication
API calls from customers are validated using the WSSE standard.
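To make the WSSE validation concrete, here is an added example (not Emarsys code) of the WS-Security UsernameToken profile that X-WSSE headers follow: the client sends a username, a fresh nonce, a creation timestamp and `PasswordDigest = Base64(SHA-1(nonce + created + secret))`, so the API secret itself never travels on the wire. How the nonce is fed into the hash is an assumption here (it is concatenated as the same ASCII text that appears in the header; implementations differ). The verifier side also shows the two checks a stateless digest needs in practice: a freshness window on `Created` and a nonce cache against replay.

```python
"""Build and verify an X-WSSE UsernameToken header (added example, not Emarsys code).

Assumptions: PasswordDigest = Base64(SHA-1(nonce + created + secret)) as in the
OASIS UsernameToken profile; the nonce is hashed as the ASCII text that appears
in the header; and the verifier keeps a short-lived nonce cache so a captured
header cannot be replayed within the freshness window.
"""
import base64
import hashlib
import hmac
import re
import secrets
from datetime import datetime, timedelta, timezone

CREATED_FMT = "%Y-%m-%dT%H:%M:%SZ"
TOKEN_RE = re.compile(
    r'UsernameToken Username="(?P<user>[^"]*)", PasswordDigest="(?P<digest>[^"]*)", '
    r'Nonce="(?P<nonce>[^"]*)", Created="(?P<created>[^"]*)"'
)


def password_digest(nonce: str, created: str, secret: str) -> str:
    """Base64(SHA-1(nonce + created + secret)); the secret never leaves the client."""
    raw = hashlib.sha1((nonce + created + secret).encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def build_wsse_header(username, secret, now=None, nonce=None):
    """Client side: a random nonce and the current UTC time for every request."""
    created = (now or datetime.now(timezone.utc)).strftime(CREATED_FMT)
    nonce = nonce or secrets.token_hex(16)
    digest = password_digest(nonce, created, secret)
    return (f'UsernameToken Username="{username}", PasswordDigest="{digest}", '
            f'Nonce="{nonce}", Created="{created}"')


class WsseVerifier:
    """Server side: check the digest, the freshness of Created, and nonce uniqueness."""

    def __init__(self, secrets_by_user, max_skew=timedelta(minutes=5)):
        self.secrets_by_user = secrets_by_user
        self.max_skew = max_skew
        self._seen = {}  # nonce -> moment after which it can be forgotten

    def verify(self, header, now=None):
        now = now or datetime.now(timezone.utc)
        # Forget nonces whose Created time is already outside the window anyway.
        self._seen = {n: t for n, t in self._seen.items() if t > now}
        m = TOKEN_RE.fullmatch(header.strip())
        if not m:
            return False
        user, digest, nonce, created = m.group("user", "digest", "nonce", "created")
        try:
            created_at = datetime.strptime(created, CREATED_FMT).replace(tzinfo=timezone.utc)
        except ValueError:
            return False
        if abs(now - created_at) > self.max_skew:
            return False          # stale or future-dated token
        if nonce in self._seen:
            return False          # replay of a header already accepted
        secret = self.secrets_by_user.get(user)
        if secret is None:
            return False
        expected = password_digest(nonce, created, secret)
        if not hmac.compare_digest(expected, digest):
            return False
        self._seen[nonce] = created_at + self.max_skew
        return True
```

The digest comparison uses `hmac.compare_digest` so that timing does not leak how many leading characters matched, and a header is recorded as seen only after it has fully verified, so an attacker cannot fill the nonce cache with forged headers.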
Communication between our internal services is secured by the Escher method.
Escher is a stateless HTTP request-signing specification to provide secure authorization and request validation. It adds an additional security layer and an authentication layer over HTTPS. The algorithm is based on Amazon’s AWS4 authentication. The protocol ensures the requests’ integrity, and also provides a solution for pre-signing URLs with expiration time.
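The following is an added example of the request-signing pattern the paragraph describes (stateless HMAC signing in the style of AWS Signature Version 4, with a clock-skew check and pre-signed URLs that expire). It is not the Escher specification or Emarsys code: the algorithm label, the `X-Example-*` header and query-parameter names, the credential scope and the canonical request format are all assumptions chosen for the illustration. What it does show faithfully is why the scheme is stateless and integrity-protecting: both sides independently rebuild a canonical form of the request, derive a per-day, per-scope key from the shared secret, and compare HMACs, so nothing about the session has to be stored server-side.

```python
"""AWS4-style stateless HMAC request signing (added example; not Escher or Emarsys
code). Header names, algorithm label, scope and canonical form are assumptions."""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit

ALGO = "EXAMPLE-HMAC-SHA256"        # assumed algorithm label
AUTH_HEADER = "X-Example-Auth"      # assumed header names
DATE_HEADER = "X-Example-Date"
DATE_FMT = "%Y%m%dT%H%M%SZ"
SCOPE = "eu/example_request"        # assumed credential scope

def _hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _canonical_request(method, url, headers, signed, body_hash):
    """Deterministic text covering every request part the signature protects."""
    parts = urlsplit(url)
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    names = sorted(h.lower() for h in signed)
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    canon_headers = "".join(f"{n}:{lowered[n]}\n" for n in names)
    return "\n".join([method.upper(), parts.netloc.lower(), parts.path or "/",
                      query, canon_headers, ";".join(names), body_hash])

def _signature(secret, date, canonical):
    """Derive a per-day, per-scope key from the secret and sign the string-to-sign."""
    string_to_sign = "\n".join([ALGO, date, f"{date[:8]}/{SCOPE}", _hex(canonical.encode())])
    key = hmac.new(("EXAMPLE" + secret).encode(), date[:8].encode(), hashlib.sha256).digest()
    for part in SCOPE.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def sign_request(key_id, secret, method, url, headers, body, when):
    """Client side: return the request headers plus date and authorization headers."""
    date = when.strftime(DATE_FMT)
    out = {**headers, DATE_HEADER: date}
    signed = list(out)                      # every header sent is covered by the signature
    sig = _signature(secret, date, _canonical_request(method, url, out, signed, _hex(body)))
    out[AUTH_HEADER] = (f"{ALGO} Credential={key_id}/{date[:8]}/{SCOPE}, "
                        f"SignedHeaders={';'.join(sorted(h.lower() for h in signed))}, "
                        f"Signature={sig}")
    return out

def verify_request(lookup_secret, method, url, headers, body, now, max_skew=timedelta(minutes=5)):
    """Server side: recompute the signature; reject skewed, unknown or tampered requests."""
    try:
        lowered = {k.lower(): v for k, v in headers.items()}
        algo, rest = lowered[AUTH_HEADER.lower()].split(" ", 1)
        fields = dict(kv.strip().split("=", 1) for kv in rest.split(","))
        key_id, day, *scope = fields["Credential"].split("/")
        signed, sig = fields["SignedHeaders"].split(";"), fields["Signature"]
        date = lowered[DATE_HEADER.lower()]
        sent = datetime.strptime(date, DATE_FMT).replace(tzinfo=timezone.utc)
        canonical = _canonical_request(method, url, headers, signed, _hex(body))
    except (KeyError, ValueError):
        return False
    if algo != ALGO or "/".join(scope) != SCOPE or day != date[:8]:
        return False
    if DATE_HEADER.lower() not in signed or abs(now - sent) > max_skew:
        return False
    secret = lookup_secret(key_id)
    if secret is None:
        return False
    return hmac.compare_digest(_signature(secret, date, canonical), sig)

def presign_url(key_id, secret, method, url, when, expires):
    """Put the signature into the query string to produce a time-limited link."""
    date = when.strftime(DATE_FMT)
    base, params = url.split("?")[0], dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    params.update({"X-Example-Algorithm": ALGO, "X-Example-Date": date,
                   "X-Example-Credential": f"{key_id}/{date[:8]}/{SCOPE}",
                   "X-Example-Expires": str(int(expires.total_seconds()))})
    unsigned = f"{base}?{urlencode(sorted(params.items()))}"
    params["X-Example-Signature"] = _signature(
        secret, date, _canonical_request(method, unsigned, {}, [], "UNSIGNED-PAYLOAD"))
    return f"{base}?{urlencode(sorted(params.items()))}"

def verify_presigned_url(lookup_secret, method, url, now):
    """Server side: the link is valid only between the signed date and date + expires."""
    base, params = url.split("?")[0], dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    try:
        sig = params.pop("X-Example-Signature")
        key_id, day, *scope = params["X-Example-Credential"].split("/")
        date = params["X-Example-Date"]
        sent = datetime.strptime(date, DATE_FMT).replace(tzinfo=timezone.utc)
        expires = timedelta(seconds=int(params["X-Example-Expires"]))
    except (KeyError, ValueError):
        return False
    if params.get("X-Example-Algorithm") != ALGO or "/".join(scope) != SCOPE or day != date[:8]:
        return False
    if not sent <= now <= sent + expires:
        return False
    secret = lookup_secret(key_id)
    if secret is None:
        return False
    unsigned = f"{base}?{urlencode(sorted(params.items()))}"
    return hmac.compare_digest(
        _signature(secret, date, _canonical_request(method, unsigned, {}, [], "UNSIGNED-PAYLOAD")), sig)
```

Two design points are worth noticing. Query parameters are sorted before hashing, so `?b=2&a=1` and `?a=1&b=2` verify as the same request, while any change to the path, host, a signed header or the body changes the canonical text and invalidates the signature. The date check bounds how long a captured signature stays usable; combining it with a server-side nonce or request-id cache (as in the WSSE example) would close the remaining replay window within that skew.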
User access requires authentication with a valid username and a strong password that meets our password policy. In addition, access to the user interface may be restricted by IP address so that only users at authorized locations can use it. If IP restriction is enabled and a user tries to log in from an untrusted location, we offer two-factor authentication: login is then only possible after the user enters a one-time password generated by an authenticator application or received via SMS or voice call.
Every authentication attempt is recorded, and an automatic procedure temporarily locks out accounts after too many failed password attempts. Our users are also required to change their password regularly, and the password policy will not let them change to a password they recently used.
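The three controls described above (authenticator-app one-time passwords, temporary lockout after repeated failures, and rejection of recently used passwords) are shown together in this added example, which is not Emarsys code. The TOTP function follows RFC 6238 (HMAC-SHA1 over the 30-second time-step counter, dynamic truncation to six digits); the lockout thresholds, history depth and PBKDF2 iteration count are assumptions picked for the illustration and would be tuned in production.

```python
"""Login-policy building blocks (added example, not Emarsys code): RFC 6238 TOTP
verification, temporary lockout after repeated failures, and a password-history
check. Thresholds, window sizes and iteration counts are assumptions."""
import hashlib
import hmac
import secrets
import struct
from datetime import timedelta

def totp(secret: bytes, for_time: int, digits=6, step=30) -> str:
    """RFC 6238: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret, code, for_time, last_used_step=None, window=1, step=30):
    """Accept the current step and +/-window steps for clock drift, but never a step
    at or before one already used, so an observed code cannot be replayed.
    Returns the accepted step (to be persisted for the user) or None."""
    current = for_time // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if last_used_step is not None and candidate <= last_used_step:
            continue
        if hmac.compare_digest(totp(secret, candidate * step, step=step), code):
            return candidate
    return None

class LockoutPolicy:
    """Lock an account for `lock_for` after `max_failures` failures within `window`."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15), lock_for=timedelta(minutes=15)):
        self.max_failures, self.window, self.lock_for = max_failures, window, lock_for
        self._failures = {}      # user -> timestamps of recent failures
        self._locked_until = {}  # user -> end of the current lockout

    def is_locked(self, user, now):
        return self._locked_until.get(user, now) > now

    def record_failure(self, user, now):
        recent = [t for t in self._failures.get(user, []) if now - t <= self.window] + [now]
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_for
            self._failures[user] = []

    def record_success(self, user):
        self._failures.pop(user, None)

class PasswordHistory:
    """Keep salted hashes of the last `keep` passwords per user and reject reuse.
    Only hashes are stored, so each candidate must be re-hashed against every entry."""

    def __init__(self, keep=5, iterations=100_000):
        self.keep, self.iterations, self._hist = keep, iterations, {}

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def is_reused(self, user, password):
        return any(hmac.compare_digest(self._hash(password, salt), digest)
                   for salt, digest in self._hist.get(user, []))

    def set_password(self, user, password):
        """Return False (and change nothing) if the password is in the recent history."""
        if self.is_reused(user, password):
            return False
        salt = secrets.token_bytes(16)
        hist = self._hist.setdefault(user, [])
        hist.append((salt, self._hash(password, salt)))
        del hist[:-self.keep]    # forget entries older than the last `keep`
        return True
```

Recording the last accepted TOTP step matters as much as the drift window: without it, a code shoulder-surfed or phished within its 30-second validity could be submitted a second time. Likewise, the lockout counter is keyed by account rather than source address, which is what makes it effective against distributed password guessing, at the cost that an attacker can lock a victim out; the temporary (rather than permanent) lock is the usual compromise.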
Emarsys employee data access
All customer data is owned solely by the respective customer and no one else. Access to customer data by Emarsys employees is restricted on a need-to-know basis according to the employee’s role, and all such access is logged in detail.
Confidentiality is ensured by non-disclosure agreements in Emarsys employee contracts, as well as the strict guidelines laid down in accordance with the ISO 27001 and ISO 27108 requirements with regards to how confidential information is stored and processed internally. Any information provided by our customers is automatically classified into the highest confidentiality class used at Emarsys.
Geographical data regulations
Emarsys’ servers holding the customer data are all based within the EU, meaning that all laws and regulations relating to data handling on a national and federal level are observed in accordance with the EU regulations.