eMarketeer Information Security Policy

eMarketeer AB (“eMarketeer”) is a leading provider of SaaS-based e-marketing services. Our platform helps automate information distribution, responses, and follow-ups to enhance customer communication and service.

Personnel Security

Roles and responsibilities for both employees and contractors are clearly defined. All candidates undergo background checks in line with applicable legal, regulatory, and business requirements. We maintain a competence plan to ensure all staff are aware of relevant security practices and vulnerabilities.

All employees, temporary staff, and contractors sign NDAs to protect sensitive information.

Physical and Environmental Security

Areas containing critical equipment and information are secured with appropriate access control. These areas are protected against environmental risks such as fire, water, and dust.

Encryption

We use internationally recognized encryption methods to protect all stored data.

Access Control

Only authorized personnel can access eMarketeer systems, based on their roles. Unique usernames and passwords are required, and two-factor authentication is enforced on critical systems.

Access to systems is granted on a “need to know” basis, and all access is protected using secure HTTPS logins and license agreement acceptance.

Secure Development

We follow a Security by Design approach. Code is developed and tested rigorously using automated/manual tests, including beta testing, integration testing, and load testing.

Production changes follow formal procedures. All code is reviewed and tested in isolated environments before deployment. Internal acceptance and risk assessments are mandatory.

Penetration testing is performed regularly. We collaborate with security advisors like Watchcom AS for assessments, testing, and consulting.

Security Measures in eMarketeer Applications

Hosting

All data is hosted on AWS infrastructure located within Europe.

Encryption

We secure personal data in transit and at rest using encrypted communication (SSL/TLS).

Personnel Security

Access to our offices is controlled. Personnel involved in system operations are vetted and trained to fulfill their responsibilities securely.

Physical and Environmental Security

All data is stored on secure AWS servers in Europe. More details: https://aws.amazon.com/security/

Application Security

Cookies

Cookies are used for technical functionality. The service requires user acceptance of cookies.

Operational Procedures and Responsibilities

Scheduled outages are communicated at least 24 hours in advance via status.emarketeer.com.

Performance and capacity are continuously monitored. Critical patches are applied as soon as possible. System maintenance is usually performed biweekly (Fridays 00:00–06:00 CET).

Service Availability

We aim for 24/7/365 availability. Maintenance is scheduled outside business hours and kept minimal. Emergency patches are applied outside working hours (approx. 18:00).

Downtime is usually brief and maintenance notices are displayed on the login screen at least 24 hours in advance.

Backup

All data has 30-day point-in-time backup with monthly snapshots retained for 12 months.

Access Control to eMarketeer Services

Unauthorized access is blocked by firewalls. SSL encryption and user authentication secure access for authorized users only.

Access to Personal Information

Users may log in and update their personal data at any time.

Access to Stored Data

Customers assign user roles with appropriate access levels. Customers are responsible for managing access permissions.

User Access Management

User rights are managed by the Customer. Authentication is via username and password. Password policies are Customer-defined, and users are responsible for their credentials.

Termination

When a Customer’s agreement ends, system access is revoked. Customers may request data export in a generic format. See the “Deactivation / Exit” section for more.

Business Continuity Management

eMarketeer has a disaster recovery plan and builds infrastructure with high availability and redundancy.

Deactivation / Exit

When a Customer’s subscription ends, the account is deactivated. After 30 days, all data is deleted from servers. Backups are retained as per backup policy.

Contact Information

For questions, please contact our Data Protection Officer at privacy@emarketeer.com.