Information Security Management System Policy

Learn about more about how we keep our information secure.

Our Information Security Management System policy is available on request from our data protection officer, please email

About this document

If you are using any of the Email Hippo suite of products you need to be confident that your data is safe. If you’re seeking reassurance and information about the security of your data concerning our services, this document will provide general information and a flavour of our compliance and data processing practises. It’s intended to be a short read and to contain enough information, to reassure readers with a general level of interest. For contractual details of our Terms of Service and Data Processing Terms, please see our website for the most up to date versions.

If you have questions, please contact our Data Protection Officer by email at a

Data is valuable and we understand, why it can feel risky to share it

You need to be sure that when you select a data processor, you choose one that takes security seriously. We take it very seriously.

Five BIG questions

To ask any company providing software services, that include data processing:

  • Why should I trust you?
  • What do you do with my data?
  • Do you share it / sell it?
  • Is it safe when it’s with you?
  • Where is it processed?

Here are our answers:

1. Why should I trust you?

Because we are real people, providing a service we’re really proud of.

We’ve been validating email addresses since 2009. We are not the new kids on the block; we have a reputation for excellence to maintain. We were the first email validation company to have information security management systems that are accredited to the ISO 27001 international security standard. That means our accredited system is integral to our business practices. Our roles and responsibilities, concerning security are clearly defined; we audit our system every six months, and on an ongoing basis we capture and act upon all relevant information relating to security.

You are right to ask questions, and right to trust Email Hippo.

2. What do you do with my data?

Basically, we receive it, process it as quickly as we can and give it back.

Our suite of products work slightly differently to one another and provide results that range from simple to complex. Most of them have email address validation as a central service. When we validate email addresses, we contact the mail server for each address to check if the address is OK. Then we append the information about that email address and either return the data to you in real-time or make it available for you to download from your account.

When it comes to our customers’ individual personal information, we act properly to make sure we don’t gather, store or use data in any way, that is outside the law. When you become a customer your credit card details are handled in PCI compliant applications. We don’t store or manually handle credit card details or share any details with 3rd parties.

3. Do you share or sell my data?

We never share data.

We never sell data.

You haven’t asked us about storing data.

We store data securely in Europe for a maximum of 90 days before it’s automatically deleted. This is to enable our customers to have a window of time to download their processed files.

4. Is my data safe, when it’s with you?

As safe as it can be, but there is no such thing as a 100% guarantee.

The fact that our security systems are accredited to ISO 27001 shows that we have taken significant measures to keep information safe and continue to act in ways that give peace of mind to our customers.

Our pro-active approach ensures we reduce the likelihood of security issues, and manage associated risks. Like any other data processor, we can’t give an absolute guarantee of security; what you can be sure of is that because we have accredited systems in place, we are in a good position to ensure your data is protected from threats and manage information security breaches if they do occur.

5. Where do you process data?

All our servers which process and store your data are in Europe.

If we validate an email address where the mail server is outside Europe, the individual email address will briefly pass outside Europe when it is being validated, just as it would if you emailed that address

If you have questions about security and compliance, please get in touch with our Data Protection Officer;

For contractual details, please review the terms at