Security FAQ
This section provides quick answers to common questions about security at MessageFlow. For more detailed information, please refer to the relevant sections of our Trust Center.
General Security & Compliance
What are MessageFlow's key security certifications?
We hold several internationally recognised certifications, including ISO 27001 for Information Security Management, ISO 27018 for Personal Data Protection in the Cloud, and ISO 22301 for Business Continuity Management. We are also a member of the Certified Senders Alliance (CSA). You can learn more in our Certifications & Audits section.
Where is my data physically stored?
All customer data is stored in secure, certified data centres located within the European Economic Area (EEA). We partner with industry-leading providers to ensure the highest level of physical security. For a full list of our infrastructure partners, see the Sub-processors section.
How does MessageFlow comply with GDPR?
We are fully committed to GDPR compliance. As your Data Processor, we process data only on your behalf. Our responsibilities are formalised in our Data Processing Agreement (DPA). You can find more details in the Data Protection & Compliance section.
Where can I find the legal terms of service?
The main legal document governing our relationship with our clients is the Framework Agreement on the Provision of Services by Electronic Means. The Privacy Policy and the Data Processing Agreement (DPA) are integral parts of this agreement. You can review the main agreement here.
Can I sign a Data Processing Agreement (DPA)?
Yes. The DPA, an appendix to our Framework Agreement, is an integral part of our terms of service. To review or sign a copy, please contact our support team.
Account Security
What is the single most effective way to secure my account?
Enabling Two-Factor Authentication (2FA) is the best step you can take. It provides a powerful second layer of security, even if your password is compromised.
Can I restrict who can log in to my account?
Yes. We highly recommend using the IP Access Control feature to whitelist specific IP addresses for panel, and IP Authorization for SMTP servers. You can also manage team access through User and role management.
What should I do if I suspect my account has been compromised?
Act immediately. First, reset your password. Second, review the list of active users in your account and check for any unrecognized activity. Finally, contact our support team right away so we can help you investigate.
Platform & Sending Security
Is my data encrypted?
Yes. We use encryption to protect your data both in transit (using protocols like TLS) and at rest (while stored on our servers). You can find more details in the Data & Infrastructure Security and Email Communication Security sections.
Why is Sender Authorization (SPF, DKIM, DMARC) so important?
These protocols are essential for email deliverability and brand protection. They prove to receiving mail servers that you are a legitimate sender, which prevents your emails from being marked as spam and protects your brand from being impersonated by phishers. Learn more in our Senders Authorizationdocumentation.
How does MessageFlow protect against phishing and SMS fraud?
Our proprietary Shield 360 technology provides real-time protection against threats by analysing links and monitoring traffic in collaboration with security partners like CERT Polska and Google Safe Browse.
How do I report abuse or spam?
If you receive a suspicious message sent from our platform, please forward it to our support team for investigation. For general smishing, we recommend reporting it to a national body like CERT Polska. Find more details in the Abuse Policy and Reporting section.
Last updated