MailOdds

Security

Your data protection is our priority. Here's how we keep it safe.

Encryption

TLS 1.3 for all data in transit. AES-256 for data at rest. API keys are hashed and never stored in plain text.

EU Data Hosting

All data stored on servers within the European Union. No data transfers outside the EU.

Minimal Data Retention

Single email checks are processed in memory and not stored. Bulk job results are stored temporarily for download (7 days), then automatically and permanently deleted.

GDPR Compliant

Full GDPR compliance. Data Processing Agreements available for enterprise customers.

Our Practices

  • Regular security audits and dependency updates
  • Role-based access control for team members
  • Automated backups with encryption
  • Rate limiting and DDoS protection
  • Incident response plan with 24-hour notification

Data Lifecycle

  • -- Single email validations: processed in memory, not persisted
  • -- Validation results cached for 1 hour (hashed key, result data only, no email address stored)
  • -- Bulk job results stored for 7 days, then auto-purged. You can delete sooner from your dashboard.
  • -- Uploaded CSV files deleted immediately after email extraction
  • -- Audit logs purged after 90 days. Webhook delivery records purged after 30 days.

Infrastructure

EU Hosting

Hetzner Cloud, Germany. Falkenstein and Nuremberg data centers. All data remains within the European Union.

Network Isolation

Private VLAN isolation between services. TLS-only internal communication. No services exposed to the public internet except the API gateway.

Redundancy

Automated encrypted backups. Blue-green deployment with instant rollback. Zero-downtime deployments for all production updates.

Data Processing Agreement

Enterprise customers can request a Data Processing Agreement (DPA) for GDPR compliance. Contact us at security@mailodds.com to get started.

Responsible Disclosure

To report a security vulnerability, please email security@mailodds.com with details. We aim to acknowledge reports within 48 hours.

Questions? For general security inquiries, DPA requests, or to report a vulnerability, contact us at security@mailodds.com