Exclaimer

Exclaimer

Search the Trust Center...
Ctrl +K

Exclaimer | Trust Center

Everything you need to complete your security review is here. Browse documents, certifications, and compliance details with confidence. Our Trust Center is regularly updated to reflect the latest audit results, and subprocessor disclosures.


Badges

hipaa
HIPAA
gdpr
GDPR
ccpa
CCPA
pci
PCI
iso-27001-2022
ISO 27001:2022

Quick Summary

Has a formal mobile device management (MDM) program

Subprocessors list available

Deletes customer data on request

Uses a centralized IAM solution (SSO) to manage employee access


Documents & Knowledge Base FAQs


Featured Documents


Subprocessors
18

Subprocessor
Location of Processing
Usage Details
Anthropic

Anthropic

United States
Used to provide some AI features within our subscription services. Types of data: User prompts and uploaded content; account metadata and usage logs Note: Opt in only. Information provided to these models is not used to train third-party models. Privacy information: https://www.anthropic.com/legal/data-processing-addendum
Cloudflare

Cloudflare

United States, United Kingdom, United Arab Emirates, Germany, Canada, Australia, Ireland
Content delivery of it network, DDoS mitigation, and WAF services. Edge locations in each region locally Types of data: Data traverses through Cloudflare networks to reach our infrastructure hosted in Microsoft Azure Privacy information: https://www.cloudflare.com/en-gb/trust-hub/privacy-and-data-protection/ https://www.cloudflare.com/network
Datadog

Datadog

United States
Application and system logging, monitoring and analytics Types of data: Telemetry data; sender information; recipient and subject Privacy information: https://www.datadoghq.com/privacy/
Global Payments

Global Payments

United Kingdom
Credit Card Processing Services (only utilised if paying by Credit Card)
GoCardless

GoCardless

United Kingdom
Direct debit payment handling facility - only used if you pay via direct debit
Google Cloud

Google Cloud

United Kingdom, United States, Germany, Netherlands, Australia, Canada, United Arab Emirates, Ireland
Cloud Provider for Email Signature Solutions (only utilised if using Google Workspace email service). the locations where data is processed is dependant on which region you select in the product - UK/US/EU/AU/CA/UAE
Google reCAPTCHA

Google reCAPTCHA

United States
Purpose/Role: Google reCAPTCHA; link validation. Types of Data: Visitor IP address, browser/device fingerprint, mouse and interaction data, cookies. Privacy Information: https://safety.google/safety/privacy-practices/
Google Tag Manager

Google Tag Manager

United States
Purpose/Role: Used to identify and load in other tools for the user. Types of Data: Attributes such as user, tenant ID, company size, location to enable segmentation. Privacy Information: https://support.google.com/tagmanager/answer/9323295?hl=en
Google Workspace

Google Workspace

United Kingdom
User authentication service Types of data: Name; email address; and profile picture URL Privacy information: https://safety.google/safety/privacy-practices/
Maven AGI

Maven AGI

United States
Purpose/Role: Product chatbot available to users within our service. Types of Data: Chat user and subscription data such as username, email address, subscription ID, chat history. Privacy Information: https://www.mavenagi.com/resources/data-security-privacy-the-foundation-of-mavens-ai-solutions
Microsoft

Microsoft

United Kingdom
User authentication service Types of data: Data accessible following consent is: display name; given name/surname; username/user principal name; object ID (unique identifier); tenant ID; email Note: No data is passed up from the Exclaimer side Privacy information: https://www.microsoft.com/en-gb/privacy/privacystatement (Microsoft Account section)
Microsoft Azure

Microsoft Azure

United Kingdom, Canada, United Arab Emirates, Ireland, Netherlands, Australia, United States, Germany
Cloud Hosting Provider - the locations where data is processed is dependant on which region you select in the product - UK/US/EU/AU/CA/UAE Also used for hosting of service delivery infrastructure. Types of data: Information synced from customer systems regarding users; metadata; signature/branding templates. Data required for billing purposes (number of messages processed) is stored in the EU. Privacy information: https://www.microsoft.com/en-us/trust-center/privacy
Microsoft Content Safety

Microsoft Content Safety

United Kingdom
Purpose/Role: Automated AI content moderation and platform safety analytics. Types of Data: User-uploaded text strings, image files, risk severity scores, and transaction metadata. Privacy Information: https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/content-safety/data-privacy
Microsoft PhotoDNA

Microsoft PhotoDNA

United Kingdom
Purpose/Role: Automated AI content moderation, specifically checking for illegal content. Types of Data: Only the generated image hash is transmitted and compared. The original uploaded image file is not transferred to, or stored by, Microsoft. Privacy Information: https://www.microsoft.com/en-us/photodna
Salesforce

Salesforce

United Kingdom
Exclaimer uses Salesforce for customer relationship management (CRM)
SendGrid

SendGrid

United Kingdom, United States
Sending product side emails such as password reset and 'invite IT admin' Types of data: Information to merge into the email Note: SendGrid is a Twilio product Privacy information: https://www.twilio.com/en-us/legal/privacy
Stonly

Stonly

France
Purpose/Role: Knowledge based prompts to be placed within our service to aid Users. Types of Data: Device and browser details, IP address, guide activity, subscription data such as username, email address, subscription ID. Privacy Information: https://stonly.com/privacy
Zendesk

Zendesk

Ireland
Inbound ticket management system for customer queries Types of data: Customer data as provided by ticket requester Privacy information: https://www.zendesk.com/trust-center/
Last updated . .
View as:

Trusted by

Bank of America
Cisco
AT&T
BBC
Formula 1
Unilever
Xerox
Make-A-Wish

Announcements

SOC 2 Type 2 Renewal

We're thrilled to announce the successful renewal of our SOC 2 (Service Organization Control 2) certification, solidifying our commitment to maintaining the highest data security standards. This accomplishment serves to demonstrate Exclaimer as the most secure provider in the market.

The latest report and certificate are now available within the Trust Portal.


NCSC Cyber Essentials Renewal

We are happy to share that Exclaimer has successfully renewed its NCSC Cyber Essentials certification. Certification demonstrates our continued dedication to maintaining a high level of cybersecurity.

Cyber Essentials provides a framework that guides us in improving our internal processes to protect against common security threats.

The benefits of this certification include enhanced security, increased customer trust, and validation of our processes for customers, partners, and suppliers.


ISO27001 Certification Renewal

We are excited to share that Exclaimer has successfully renewed its ISO27001 certification with zero major or minor non-conformities. This achievement demonstrates our continued commitment to maintaining the highest privacy and security standards.

The latest report and certificate are now available within the Trust Portal.


ISO/IEC 27018:2019

We are pleased to announce that we have been successfully re-audited against the ISO27018 code of practice, reaffirming our commitment to securing personal data in the cloud.

The 2023 report and certificate are now available within the Trust Portal.


Cloud Security Alliance CAIQ Update - v4.0.2

Exclaimer is a member of the CSA (Cloud Security Alliance), and originally completed the CAIQ in 2020. Since then we have continually updated it in line with changes to our business operations, helping hundreds of prospective customers understand our security posture more clearly.

This quarter Exclaimer updated our CAIQ to v4.0.2. This update adds additional information that detail which organisation (either Cloud Provider, Cloud Customer, or third party) a control is owned by.


Exclaimer is now SOC 2 compliant

We are delighted to announce that we have received our SOC 2 Type II attestation report. The audit covers a period from 1/09/2022 to 01/12/2022, and includes the trust services criteria for Security, Availability, and Confidentiality.

Exclaimer’s SOC 2 compliance augments our commitment to the best privacy and security practices. Exclaimer is the only email signature solution provider to achieve both ISO and SOC compliance.


Powered by Conveyor, the first end-to-end customer trust platform.
Learn more