Customer Data Security

To ensure that your information remains safe in our cloud environment we employ a host of technical security measures. PushSend is hosted in our own secure environment, which is built on top of a leading cloud hosting service.
At PushSend we recognize that your content and data are some of your firm’s most valuable assets. We also deeply respect the trust that you place in us when you use our solution. So, we are committed to upholding the integrity of your data and protecting your privacy. We have built PushSend to ensure that robust technologies and processes are in place to both secure and protect your valuable assets as well as help you be compliant with the evolving world of data/privacy compliance.
Operational

We have an expert team that is responsible for monitoring the servers and the application to identify any irregularities and suspicious activities and respond to security issues. Only a few authorized staff members have access to the servers and application. Access is revoked immediately in the event that an employee no longer has a business need to access data or in the event of termination. All security staff go through a thorough vetting process and are trained on information security and privacy procedures. In addition, they must sign confidentiality agreements.

Physical

The PushSend service is hosted in highly secure data centers. Physical access to data centers is strictly controlled by professional security staff. The data centers can only be accessed by authorized employees and contractors. Automatic fire detection and suppression equipment has been installed to reduce risk. The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations 24x7. Data centers are conditioned to maintain atmospheric conditions at optimal levels. All electrical, mechanical, and life support systems and equipment are monitored so that any issues are immediately identified.

Network

Network access to and from PushSend is controlled by dedicated firewall, access control lists (ACL), and Intrusion Prevention Systems (IPS). Access to the servers require the use of VPN with multi-factor authentication. Data for all sensitive pages are communicated using Secure Sockets Layer (SSL). Payment processes are fully PCI-DSS compliant.

Our email server provider has received the SOC 2 Type II certification, which means it has been proven that their system is designed to keep its clients’ sensitive data secure.

Application

All user accounts are restricted by usernames and passwords. Account access rights are managed by your administrator user. All your users are set up in the platform by your administrator user. Verification is by email.

We use cookies for user authentication. We use session IDs to identify user connections.
The session IDs are contained in HTTPS-only cookies not available to JavaScript and/or tamper-proof. Applications and servers are regularly updated with the latest security patches to provide ongoing protection from exploits.

Data

Each customer’s data is stored in a separate database, which is isolated and protected to prevent unauthorized access. To protect customer data, we encrypt information at rest and in transit using AES 256. Access to customer data is limited to authorized personnel with an identified need for such access. Systems access is logged and tracked for auditing purposes.

We use a two-tiered backup solution for customer data. All files will be backed up on a daily basis and encrypted on the server using a PGP key and then uploaded to our secure cloud storage service. At the same time, they will also be uploaded to a separate cloud hosting service as a safety measure so that there is an up-to-date offsite backup as well. The communication between the two cloud hosts will be done via an encrypted connection (SSL) and sent as small 5MB chunks. Backups can be stored for lengthy periods of time as per your requirements.

We retain the personal data provided to us by our Customers or that we collect on behalf of our customers for the length of time needed to fulfil our Services. Customer data can only be deleted by the customer or with the customer’s request. When data is deleted it is removed from the application but remains in the database for [x amount of time] in the event the data needs to be restored.

Privacy and SPAM Compliance

PushSend is committed to helping our customers comply with all privacy laws and regulations (CAN-SPAM, CASL, and GDPR) through our robust privacy and security protections.

PushSend follows a zero-tolerance spam policy and prohibits users from sending unsolicited commercial emails in any form while using the service. If you use the PushSend service to send spam, we will ssuspend your account immediately.

PushSend is intended for businesses and organizations who have an established list of permission-based opt-in email addresses. This means PushSend users need to obtain the explicit permission of their contacts/subscribers before adding them to their lists. Obtaining consent is required by anti-spam and other privacy and consumer protection laws.

You must have your company/organization’s physical address and an unsubscribe link included with every email sent. These items are automatically included with every email sent to enable you to comply will email sending laws.

We will never use customer information and data for purposes other than its intended use (See our full Privacy Policy for more details).

By using the website, you agree to our use of cookies to analyze website traffic and improve your experience on our website.

Learn More.