Security Statement

MailerLite is committed to maintaining the highest operational standards in systems and processes to protect personal data in accordance with good industry practice. At MailerLite, we know that security is crucial to you. That is why we use industry-best standards and treat security as our top priority. For your information, we have provided the main aspects of our security practices below.

Information security policy

MailerLite has implemented and continually improves an Information Security Management System (ISMS) to ensure proper information protection, manage risks and ensure business continuity following the requirements of the ISO/IEC 27001:2022 standard. The ISMS is aligned with the needs and expectations of clients and other stakeholders.

MailerLite commits to satisfying applicable requirements related to information security and data privacy.

Information security and data privacy are an important, integral part of our corporate governance. We are committed to continually improving our ISMS by setting ambitious information security goals and objectives in these key areas:

  • Compliance

  • Risk appetite and capacity

  • Incident detection and resolution.

Data protection

Our team works hard to ensure compliance with international data protection law requirements. MailerLite takes reasonable precautions and technical and organizational security measures to ensure a level of security appropriate to the risk, and follows industry best practices in order to protect your data from any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to information, and to preserve the security and confidentiality of the data. The implementation of the security layers protects user information using both server authentication and data encryption, ensuring that user data is safe, secure and available only to authorized persons. All personnel involved in data processing have committed themselves to confidentiality and are instructed regarding privacy accordingly. However, despite best efforts, no method is perfectly secure. We cannot guarantee absolute security.

Certifications

MailerLite is certified to ISO/IEC 27001:2022, the leading standard for Information Security Management Systems (ISMS). This certification reflects our commitment to the highest levels of data security, ensuring the confidentiality and integrity of our customers' and employees’ information.

Our services are hosted by a trusted and certified data storage center that is located in the European Union (Germany and the Netherlands) and is certified to ISO/IEC 27001:2022. You can rest assured that your data and your subscribers' data is safe with us because our data center provides all the necessary security measures for data protection and processing.

Passwords and credit card information are always sent over secure, encrypted Secure Sockets Layer (SSL) connections. All payment information provided to MailerLite is passed directly to its payment processors, and MailerLite does not have access to it. Our payment processing vendors are Payment Card Industry Data Security Standard (PCI-DSS) compliant.

MailerLite, Inc., which provides services to customers outside of the European Economic Area (EEA), United Kingdom, and Switzerland, holds the certification developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration affirming its adherence to the Data Privacy Framework principles to ensure the secure collection, processing, utilization, and retention of personal data transferred from these regions to the US. To be specific, MailerLite, Inc. complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF), including the UK Extension to the EU-U.S. DPF. For further information please visit the DPF website here and MailerLite’s Privacy Policy here.

GDPR compliance

The MailerLite team continues developing new features that help us stay GDPR-compliant. We have incorporated all the necessary controls and procedures for personal data processing security derived from the GDPR into our systems. You can find more information about the data we collect and how we process it in our Privacy Policy and Data Processing Addendum.

Technology

We deploy industry-standard protection techniques, including network vulnerability scanning and network security monitoring, to provide maximum security to our users. All servers and computers have industry-standard anti-virus software installed, which is updated and continuously monitored to prevent unauthorized access to user data. We also make two-factor authentication available to our customers.

Organizational security

MailerLite continuously maintains and monitors notifications, errors, logs and alerts on our services and from all systems to identify and manage threats. Comprehensive security measures prohibit unauthorized access to data processing equipment. We also maintain internal information security policies, including incident response plans.

Data encryption

Data communications between the client and our application are protected via encrypted data channels using the HTTPS/TLS (Hypertext Transfer Protocol Secure/Transport Layer Security) protocols. Data integrity is ensured by mirroring all data in two separate locations.

Dedicated security team

We have dedicated personnel to manage and monitor all our services and infrastructure 24/7. Our team focuses on network and system security and has incident management procedures.

Your responsibilities

Keeping your data safe also depends on you ensuring that you preserve the security of your account, systems and personal information. You should use sufficiently complicated passwords and store them safely.

Changes

MailerLite reserves the right to change this Security Statement at any time. If we decide to change it, we will post these changes on this page so that you are always aware of how we ensure the security of your data. All changes are effective immediately upon posting.

Contacting MailerLite

If you have any questions about our data security, please contact us any time via this contact form.

Last updated on March 7, 2025