Security Policy

GDPR

MailBigFile will comply with the GDPR when it becomes enforceable on May 25, 2018.

Data Security

MailBigFile protects all personal data using an industry standard Advanced Encryption Standard (AES-256) encryption algorithm to encrypt data in transfer and at rest.

All servers are protected by fully managed AWS firewalls.

Server software is updated daily to ensure we have all the security latest patches.

Only key technical staff have direct access to our servers.

Data Location

The MailBigFile Business service is run on Amazon Web Services (AWS) in their EU Ireland datacenter.

The MailBigFile Pro service is run on Amazon Web Services (AWS) in their US datacenter.

The MailBigFile Free service is run on Amazon Web Services (AWS) in their US datacenter.

AWS Security documentation: https://aws.amazon.com/security/

AWS Compliance documentation: https://aws.amazon.com/compliance/

AWS Compliance Data Center Controls documentation: https://aws.amazon.com/compliance/data-center/controls/

AWS Compliance Data Center Controls documentation: https://aws.amazon.com/compliance/programs/

Your Data

MailBigFile Business account - The personal data we hold on our system is your company name, company address, company telephone number, company contact, email address and IP Address when a file is uploaded.

MailBigFile PRO account - The personal data we hold on our system is your name, company address (optional), email address and IP Address when a file is uploaded.

MailBigFile Free account - The personal data we hold on our system is your email address.

All data relating to card payments is processed by our payment provider Sagepay UK (https://www.sagepay.co.uk/) using their industry standard secure token system. We do not store your payment card details.

Data contained within the MailBigFile application itself is encrypted using Advanced Encryption Standard (AES-256) encryption.

We do not share or transfer your data to any 3rd party.

Data Retention

The personal data is retained for 5 years from termination of contract, unless the data controller requests removal.

To request removal of personal data please email our Data Protection Officer (DPO). Email: support@mailbigfile.com

Your personal data is retained for our company tax accounting records, and also to allow customers to easily reactive their MailBigFile account.