System

Check service availability and performance

LEARN MORE

Security

See how Maropost safeguards your data

LEARN MORE

Compliance

View our technical certifications landscape

LEARN MORE

API

View our API Documentation

LEARN MORE

Security

Maropost is an enterprise-level SaaS based web-application that combines messaging campaign management and deployment across multiple digital channels including email, SMS, mobile app messaging, and social media.

The application is offered as a “hosted rich internet application”. Users require a modern browser, for example IE 7+, Firefox, Chrome, or Safari, to access it. The browser sessions use a 128-bit encrypted SSL connection. The servers are hosted in a secure facility with 24/7 monitoring, redundant power, nightly and real-time backups complying with international standards for data security and management.

Application Security

Maropost has powerful client security controls, including those that allow clients to do the following:

Security Icon

Implement User-level and Organizational-level IP address restrictions. Our platform can bind campaign sends to specific and dedicated IP addresses.

Security Icon

Limit each user’s access to specific functional areas within the application and which actions can be performed within those areas.

Security Icon

Limit visibility to assets within each functional area by use of permissions-based folders.

Security Icon

Restrict 3rd-party API access rights to specific method classes and to specific commands.

Security Icon

Restrict database access rights and secure file transfer site access rights.

Secure Architecture

The Maropost enterprise network uses primarily Cisco networking equipment. Networking equipment is configured consistent with the manufacturers’ best practices for operational stability and security. All servers and the networking equipment is owned by Maropost and operated by a 3rd-party hosting provider.

SECURITY POLICY

Secure Transmissions and Sessions

Connection to the Maropost environment is via SSL 2.0/TLS 1.2 ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login required for all communications with Maropost data centers.

Maropost hosts a secure FTP server with 128-bit encryption for manual and automated file transfers with additional VPN and PGP encryption protection available.

Network Protection

Perimeter CISCO firewalls block unused protocols. Intrusion prevention and detection sensors report events to a security event management system for logging, alerts, and reports and internal access control lists segregate traffic between the application and database tiers.

Data Centers

Our service is collocated in dedicated spaces at top-tier data centers maintained dedicatedly by our 3rd-party hosting provider.  Images used in emails are uploaded to and served by our 3rd-party content delivery network provider.

Backups

All data is backed up to disk at each data center on a rotating schedule of incremental and full backups. Data is replicated to other data centers via an encrypted tunnel.

Business Continuity & Disaster Recovery

The managed environment is hosted in a High Availability (HA) setup. Each network device, which includes the switches, firewall, and the network interfaces on all of our dedicated servers, for both the internal network(which operates at the speed of 10G) and the external network(which operates at a speed of 1G) have been paired and configured to run in a bonded setup. In case of a failure of a network interface, the other participant of the bonded interface switches over and resumes the network traffic. The firewall and the network switches are configured identically.

Due to this automatic fail over, re-installation of instances on failed hardware can be done without interruption. In the event of a catastrophic failure and ability to only access cross data center backup may require up to 24 hours.

Monitoring

Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.

Disaster Recovery

Maropost performs cross data center replication for disaster recovery. Data is transmitted across encrypted links and disaster recovery tests verify our projected recovery times and the integrity of client data.

Regulatory Compliance

Maropost’s data center hosting provider is ISO/IEC 27001 certified.  Both Maropost and its hosting provider maintain PCI-compliant policies and procedures.  Maropost’s SaaS platform includes built-in governance that comply with requirements specified by CAN-SPAM, TCPPA, CASL,  and PIPEDA.  Maropost aggressively enforces its requirement that each of its clients comply with these regulatory specifications.  Clients failing to comply will receive a written warning. If practices remain uncorrected, they will have their contract immediately terminated and all access privileges revoked.

Learn More

Download the full copy of Maropost’s Security Protocol. For additional information, download a copy of our Security Policy.

Download Information