Global Email Lists

Data Security Policy

Last updated: May 14, 2026

Global Email Lists (“we”, “us” or “our”) is committed to safeguarding the confidentiality, integrity and availability of all data we collect, process and store. This Data Security Policy outlines the technical and organisational measures we implement to protect your information.

1. Scope

This policy applies to all personal and business data collected through our website, services, client engagements and internal operations. It covers data in all formats — electronic, paper and verbal.

2. Data Classification

We classify data into the following categories to apply appropriate security controls:

  • Confidential: Client data, B2B contact records, financial information, authentication credentials and internal business strategies.
  • Internal: Employee records, operational documents, vendor contracts and internal communications.
  • Public: Marketing materials, published blog content, pricing pages and publicly available company information.

3. Data Encryption

3.1 Data in Transit

All data transmitted between our servers and your browser is encrypted using TLS 1.2 or higher. API communications use HTTPS exclusively. Email transmissions containing sensitive data use TLS encryption where supported by the recipient’s mail server.

3.2 Data at Rest

Stored data is encrypted using AES-256. Database backups, file storage and archived records are all encrypted at rest. Encryption keys are managed through a dedicated key management system with automatic rotation.

4. Access Controls

  • Role-Based Access: Access to data is restricted based on job function and the principle of least privilege. Employees only access the data necessary for their role.
  • Multi-Factor Authentication: All internal systems require multi-factor authentication (MFA) for access.
  • Password Policy: Strong password requirements are enforced, including minimum length, complexity and regular rotation.
  • Session Management: Automatic session timeouts and re-authentication are enforced for inactive sessions.
  • Access Reviews: User access rights are reviewed quarterly and promptly revoked upon role changes or termination.

5. Network Security

  • Enterprise-grade firewalls and intrusion detection/prevention systems (IDS/IPS)
  • Network segmentation to isolate sensitive data environments
  • Continuous network monitoring and threat detection
  • DDoS mitigation through cloud-based protection services
  • Regular vulnerability scanning and penetration testing

6. Data Backup and Recovery

We perform daily automated backups of all critical data. Backups are encrypted, stored in geographically separate locations and tested regularly for integrity and recoverability. Our disaster recovery plan ensures data can be restored within defined recovery time objectives (RTO) and recovery point objectives (RPO).

7. Incident Response

We maintain a documented incident response plan that includes:

  • Detection: Automated monitoring and alerting systems to identify potential security incidents in real time.
  • Containment: Immediate isolation of affected systems to prevent further exposure.
  • Investigation: Root cause analysis conducted by our security team.
  • Notification: Affected parties and relevant regulatory authorities are notified within the timeframes required by applicable law (e.g., 72 hours under GDPR).
  • Remediation: Implementation of corrective actions to prevent recurrence.

8. Third-Party Security

All third-party service providers with access to data are subject to security assessments before engagement. Vendors are contractually required to maintain security standards consistent with this policy and applicable regulations.

9. Employee Training

All employees receive security awareness training upon hiring and annually thereafter. Training covers phishing prevention, data handling procedures, password hygiene, social engineering awareness and incident reporting protocols.

10. Physical Security

Our offices and data processing facilities are protected by access control systems, surveillance cameras, visitor logging and secure disposal procedures for physical media containing sensitive data.

11. Compliance

This policy is aligned with the requirements of GDPR, CCPA, CAN-SPAM, CASL and other applicable data protection regulations. We conduct regular internal audits and reviews to ensure ongoing compliance.

12. Policy Updates

This Data Security Policy is reviewed and updated at least annually or whenever significant changes occur in our data processing activities or the regulatory landscape.

For related policies, please also review our Privacy Policy and Information Security Policy.

Contact Us

If you have any questions about this policy, please contact us: