Poppulo
WHY POPPULO
Product
Resources
  • Webinars & Guides
  • Blog
  • Product Demo
  • Developers

Data security & privacy

Our platform is used in organizations and countries where data security & privacy is a priority. We're trusted and used by hundreds of communications teams worldwide, and in some of the world’s most security conscious organizations.

Security hero illustration

Industry-leading data security & privacy

ISO 27001 accredited

We are one of the few vendors in our industry to have achieved ISO 27001 accreditation – the international information security standard.

We keep your content safe

With single sign-on integration and IP validation we can protect your data and ensure it is only accessible from within your organization.

We are Software as a Service

You don’t need to install any software, making it far easier to gain internal approval. Plus you will always have the latest version of our product.

Minimal IT work required

We’ll provide your IT team with information on the simple steps required to ensure your content stays secure and communications are delivered perfectly.

Data privacy governance

We regularly assist the communications and data privacy teams within organizations, to address and balance their respective requirements. This is often informed by our experience with the applicable legislation (including state, sectoral and cross-border laws in the USA, or 95/46/EC and GDPR in Europe), and the functional and non-functional options within our solutions – which assist in complying with those laws.

Functional

Account level and report level anonymization options for compliance with data anonymization requirements.

Granular management of subscriber preferences for compliance with consent and transparency expectations.

Role-based security and authentication for compliance with least privilege policy norms.

Non-functional

Specific data processing agreements or standard contractual clauses for compliance with contractual data privacy controls.

Separate hosting options in Europe and the USA for compliance with restrictions on the location of data.

Best practice guidance for balance between communication and privacy requirements.

Security features

The following features are all configurable on request.

Two-factor authentication available

Automatic lock out after 5 failed logins

Require security question to validate new IP

SSO for administration system and microsites

HTTPS required for access to system

External penetration testing every 6 months

Full searchable audit log built into the system

Role based security system built into the app

Monthly external vulnerability tests on all external facing services

Option to force TLS encryption for all email exchanges

Automatic lock out of IP addresses after 10 failed login attempts in 10 minutes