All data is encrypted during transit using TLS v1.2. At rest, all personal data is encrypted with AES 256. All PII is redacted within a tightly controlled data processing environment with limited access. The redaction process removes any PII that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual.
Yes, Return Path conducts periodic reviews of our security policies and practices through independent third-party auditing services, including ISO certifications and Statements on Standards for Attestation Engagements No. 16 (SSAE 16) Reporting on Controls at a Service Organization (SOC 2) Audits, as well as internal auditing services and other assessments deemed appropriate. We perform quarterly application vulnerability assessments, monthly network vuln scans, and audit our external networks weekly.
Return Path is very proud to be a certified member of the the EU-US Privacy Shield program. The EU-US Privacy Shield Framework is the successor of the previously invalidated EU-US SafeHarbor program. Privacy Shield was designed by the U.S. Department of Commerce in conjunction with the European Commission to provide companies in both regions a way to comply with EU data protection requirements when transferring personal data from the European Union to the United States.
Membership in this program is yet another demonstration of our commitment to protecting data and adhering to the highest standards of PII protection.
We only stores data when absolutely necessary (data minimization). We follow industry standard best practices when handling any kind of sensitive information, including SSL and strong encryption (TLS v1.2 and AES 256). Also, Return Path has a Chief Privacy Officer, who is focused on making sure that everyone’s data is secure.
Email accounts connected to Notifier are included in the Return Path Panel, an anonymized and aggregated report about commercial email campaigns these accounts receive.
When we say “anonymized and aggregated”, what we mean is if you take any random record from that report it will be impossible for you to trace it back to a single origin email account, let alone know who owns that email account.
These anonymized and aggregated reports are used to power some of Return Path’s products to improve the email ecosystem, such as spam prevention, and email deliverability tools, among others.