Data security & privacy
Our platform is used in organizations and countries where data security & privacy is a priority. We're trusted and used by hundreds of communications teams worldwide, and in some of the world’s most security conscious organizations.
Industry-leading data security & privacy
ISO 27001 accredited
We are one of the few vendors in our industry to have achieved ISO 27001 accreditation – the international information security standard.
We keep your content safe
With single sign-on integration and IP validation we can protect your data and ensure it is only accessible from within your organization.
We are Software as a Service
You don’t need to install any software, making it far easier to gain internal approval. Plus you will always have the latest version of our product.
Minimal IT work required
We’ll provide your IT team with information on the simple steps required to ensure your content stays secure and communications are delivered perfectly.
Data privacy governance
We regularly assist the communications and data privacy teams within organizations, to address and balance their respective requirements. This is often informed by our experience with the applicable legislation (including state, sectoral and cross-border laws in the USA, or 95/46/EC and GDPR in Europe), and the functional and non-functional options within our solutions – which assist in complying with those laws.
Account level and report level anonymization options for compliance with data anonymization requirements.
Granular management of subscriber preferences for compliance with consent and transparency expectations.
Role-based security and authentication for compliance with least privilege policy norms.
Specific data processing agreements or standard contractual clauses for compliance with contractual data privacy controls.
Separate hosting options in Europe and the USA for compliance with restrictions on the location of data.
Best practice guidance for balance between communication and privacy requirements.
The following features are all configurable on request.
Two-factor authentication available
Automatic lock out after 5 failed logins
Require security question to validate new IP
SSO for administration system and microsites
HTTPS required for access to system
External penetration testing every 6 months
Full searchable audit log built into the system
Role based security system built into the app
Monthly external vulnerability tests on all external facing services
Option to force TLS encryption for all email exchanges
Automatic lock out of IP addresses after 10 failed login attempts in 10 minutes
Poppulo has always been committed to the protection of customer data. By attaining this standard we have demonstrated the level of importance we place on security and our continued dedication to ensuring the highest levels of security are always maintained. ”