Security at MailShield
We build an email security product, so we take the security of our own platform seriously. Here is how we protect your data.
Last updated: February 2026
How We Protect Your Data
Security is built into every layer of our platform, from infrastructure to application code.
Encryption in Transit
All connections to MailShield are encrypted using TLS 1.2 or higher. We enforce HTTPS across all our services, APIs, and webhooks. HTTP Strict Transport Security (HSTS) headers instruct your browser to connect to us only over HTTPS.
Encryption at Rest
All customer data, including DNS monitoring results, processed reports, and account information, is encrypted at rest using AES-256 encryption. Database backups are encrypted with the same standard.
EU Data Hosting
All data is stored and processed on servers located in the Netherlands within the European Union. We do not transfer customer data outside the EEA. Our infrastructure providers are GDPR-compliant and ISO 27001 certified.
Access Controls
Access to production systems is restricted to authorized personnel using multi-factor authentication and role-based access controls. All access is logged and audited. We follow the principle of least privilege throughout our infrastructure.
No DNS Modification
MailShield is a read-only monitoring service. We never modify your DNS records, email server configuration, or any other part of your infrastructure. You remain in full control of your domain at all times.
Secure Development
We follow secure development practices including code reviews, automated security testing, and dependency scanning. Our deployment pipeline enforces security checks before any code reaches production.
Compliance and Privacy
We are committed to meeting the highest standards for data protection and regulatory compliance.
GDPR Compliant
As a Netherlands-based company, we are fully subject to and compliant with the General Data Protection Regulation. We process only the minimum data necessary and respect all data subject rights.
Data Processing Agreements
We maintain data processing agreements with all sub-processors that handle customer data. Our vendors are carefully vetted for their security and privacy practices.
Data Minimization
We collect only the data necessary to provide our service. DMARC and TLS-RPT reports contain email metadata (IP addresses, authentication results) but never email content or message bodies.
Regular Reviews
We regularly review and update our security practices, access controls, and vendor relationships to ensure they meet current standards and address emerging threats.
Infrastructure Overview
MailShield runs on infrastructure hosted in the Netherlands. Our architecture is designed for reliability and security:
- Isolated environments for production, staging, and development
- Automated backups with encryption, stored in geographically separate locations within the EU
- Network-level firewalls and intrusion detection systems
- Continuous monitoring of system health, performance, and security events
- Incident response procedures with defined escalation paths
Responsible Disclosure
We value the work of security researchers and welcome responsible disclosure of vulnerabilities. If you discover a security issue in our platform, we ask that you:
- Report it to us privately at hello@mailshield.app with "Security Disclosure" in the subject line
- Provide sufficient detail for us to understand and reproduce the issue
- Allow us reasonable time to investigate and address the vulnerability before disclosing it publicly
- Refrain from accessing, modifying, or deleting data belonging to other users during your research
We commit to acknowledging your report within 2 business days and will work with you to understand and resolve the issue. We will not take legal action against researchers who follow these guidelines in good faith.
Questions About Our Security?
If you have questions about our security practices, need a data processing agreement, or want to learn more about how we protect your data, we are happy to help.