Information Security Management System Policy

Our Information Security Management System policy is available on request to our data protection officer. [email protected]

About this document

If you are using any of the Email Hippo suite of products you need to be confident that your data is safe. If you’re seeking reassurance and information about the security of your data in relation to our services, this document will provide general information and a flavour of our compliance and data processing practises. It’s intended to be a short read, and to contain enough information to reassure readers with a general level of interest. For contractual details of our Terms of Service and Data Processing Terms please see our website for the most up to date versions. If you have questions please contact our Data Protection Officer; [email protected]

Data is valuable and we understand why it can feel risky to share it

You need to be sure that when you select a data processor you choose one that takes security seriously. We take it very seriously.

Five BIG questions

to ask any company providing software services that include data processing:

  • Why should I trust you?
  • What do you do with my data?
  • Do you share it / sell it?
  • Is it safe when it’s with you?
  • Where is it processed?

Here are our answers:

1. Why should I trust you?

Because we are real people, providing a service we’re really proud of.

We’ve been validating email addresses since 2009. We are not the new kids on the block; we have a reputation for excellence to maintain. We were the first email validation company to have information security management systems that are accredited to the ISO 27001 international security standard. That means our accredited system is integral to our business practises. Our roles and responsibilities with regard to security are clearly defined; we audit our system every six months, and on an ongoing basis we capture and act upon all relevant information relating to security.

You are right to ask questions, and right to trust Email Hippo

2. What do you do with my data?

Basically, we receive it, process it as quickly as we can and give it back.

Our suite of products work slightly differently to one another and provide results that range from simple to complex. Most of them have email address validation as a central service. When we validate email addresses, we contact the mail server for each address to check if the address is OK. Then we append information about that email address and either return the data to you in realtime, or make it available for you to download from your portal.

When it comes to our customers’ individual personal information, we act properly to make sure we don’t gather, store or use data in anyway that is outside the law. When you become a customer your credit card details are handled in PCI compliant applications. We don’t store or manually handle credit card details or share any details with 3rd parties.

3. Do you share or sell my data?

We never share data.

We never sell data.

You haven’t asked us about storing data.

We store data securely in Europe for a maximum of 90 days before it’s automatically deleted. This is in order to enable our customers to have a window of time to download their processed files.

4. Is my data safe when it’s with you?

As safe as it can be, but there is no such thing as a 100% guarantee.

The fact that our security systems are accredited to ISO 27001 shows that we take significant measures to keep information safe and continue to act in ways that give peace of mind to our customers.

Our pro-active approach ensures we reduce the likelihood of security issues, and manage associated risks. Like any other data processor, we can’t give an absolute guarantee of security; what you can be sure of is that because we have accredited systems in place we are in a good position to ensure you data is protected from threats and manage information security breaches if they do occur.

5. Where do you process data?

All our servers which process and store your data are in Europe.

If we validate an email address where the mail server is outside Europe, the individual email address will briefly pass outside Europe when it is being validated, just as it would if you emailed that address

If you have questions about security and compliance, please get in touch with our Data Protection Officer; [email protected] For contractual details, please review the terms at

Remember. When it comes to security, you can’t go wrong with a Hippo on your side!