Postmark and EU flags

EU Data Protection

We value your trust and work hard to protect your information


When you use our services you entrust us with your valuable information. We have made it a priority to protect your data and to provide you with choices about controlling it. We understand that there are particular concerns from companies in the EU about how we use and protect your data, so we put this page together as a guide to answer some of the most common questions you may have.

We provide more detail about all of this in our Privacy Policy, but here are some highlights:

Access to your Information

If you have an account with us, you may access, correct, or request that we delete your personal data by logging into your account or by contacting us at This request can include personal data of other individuals, like your employees or customers that you have provided to us and who have requested this of you. We will respond to these requests within a reasonable timeframe.


We use technical and physical controls designed to prevent unauthorized access to your personal data. We store your information in a  database on servers which are secured by different technical measures. The servers are hosted in a SSAE 16 SOC 1 Type 2 colocation center. We also restrict access to personal data only to our employees, contractors and agents who need to know this information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

We also have several programs and plans in place specifically to comply with EU-specific regulations. This includes current compliance with Privacy Shield, and taking necessary steps to become GDPR compliant.

Privacy Shield

We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework with respect to the transfer of personal data from the EEA or Switzerland, to our servers which are located In the US.

These frameworks were designed to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the EEA and Switzerland to the United States.

Using the EU US Privacy Shield Framework for data transfers from the EU to the US was approved on July 12, 2016 for the EU and on July 8, 2017 for the EEA. It was approved for transfer from Switzerland to the US on January 12, 2017. You can view our current certification here:

We are preparing for the EU General Data Protection Regulation (GDPR)

What is GDPR?

In 2016, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). GDPR is a significant change in data protection regulation in the EU and replaces the existing legal framework (the Data Protection Directive and the various member state laws). It will come into effect on May 25, 2018.

Why is GDPR important?

GDPR adds some new requirements regarding how companies should protect individuals' data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. We are following the developments about GDPR and are taking steps to prepare for compliance.

Does GDPR require that my information be stored in the EU?

No. Under GDPR a company is allowed to transfer personal data outside of the EU provided that it puts in place a mechanism, approved under GDPR, to make sure that personal data is adequately protected even when it is transferred outside of the EU. We have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to satisfy this requirement (more detail in the Privacy Shield tab).

What is Postmark doing to comply with GDPR?

We are implementing changes

Our compliance, data protection, and information security teams are working to prepare our services for GDPR. We are reviewing our data processing activities, and assessing and prioritizing any changes that need to be made in advance of the GDPR effective date.

We are here for you

We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data and gearing up for GDPR. If you have any questions, please don't hesitate to contact us at

We have addressed cross border data transfers

Like the Data Protection Directive that is presently in effect, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, a mechanism that had been approved for cross border transfer of personal data under the Directive and expected to apply under GDPR as well.