Security Policy

MailBigFile is a processor for your data. This means that we have an obligation and responsibility to you, the customer, to maintain the highest standards for data protection, security and transparency. This document aims to outline these.

MailBigFile pledges to only use your personal data for the purposes outlined henceforth in this document and by using and/or signing up to our service, you agree to allow us to use your data for these purposes.

We will endeavour to comply with all of your requests as and when they are received unless legal exceptions apply.

Your Data

Some personal data is stored and collected by us for analytical and security purposes. We also use this information so that we can identify or contact you should the need arise. Some of your personal data is retained for company tax accounting records and to allow customers to easily reactive their MailBigFile account.

Your data can be removed at your request. If you desire this, please contact us by mailing Otherwise your data will be retained for five years from the termination of your contract with us.


A sub-processor is a third-party that we use to process your data on your behalf. These are commonly used as they provide greater assurances and protection for your personal and physical data.

MailBigFile currently uses four sub-processors for your data: Amazon Web Services, Sagepay, PayPal and Google. These are used for your files (data), payment and analytics respectively.

Amazon Web Services Resources

AWS GDPR Processing Addendum:

Security documentation:

Compliance documentation:

Compliance Data Center Controls documentation:

Compliance Data Center Controls documentation:

Sagepay Resources

Privacy policy:

Security policy:

PayPal Resources

Privacy Policy:

Security Policy:

Should any changes occur to the sub-processors we use, we will mail and inform all of our paid customers. As a paying customer, you will have the ability to voice any objections to the change we make by mailing us. Should no agreement be made between the customer (controller) and us (the processor) after a change has been made to a sub-processor, a pro-rata refund will be offered.

The information we hold

MailBigFile Business Account - Your company name, company address, company telephone number, company contact, email address and IP Address when a file is uploaded.

MailBigFile Pro Account - Your name, company address (optional), email address and IP Address when a file is uploaded.

MailBigFile Free Account - Your email address and your IP when a file is uploaded.

Recipient - We also process some of the recipient's personal data as is reasonably necessary for us to provide users with the service based on a legitimate interest for the aforementioned. We store the following data for a recipient:

  1. Their Email Address:
    1. To identify and send them an email so they can retrieve the file a sender has sent them.
    2. For a paid customers mailing list or address book, to streamline a sender's sending activities.
  2. Their IP address
    1. For security purposes to prevent misuse of the system.

As with all other data we hold, the recipient can at any time request that we remove their data from our system.

All data relating to card payments is processed by our payment provider Sagepay UK ( using their industry standard secure token system. We do not store your payment card details.

We do not share or transfer your data to any 3rd party except when required to do so by law. However we may from time to time send you marketing emails regarding the MailBigFile service. You can opt out of these at any time by unsubscribing through your account.


MailBigFile protects all personal data using an industry standard Advanced Encryption Standard (AES-256) encryption algorithm to encrypt data at rest and Transport Layer Security (TLS) 1.2 during transfers. You can tell if your current session is encrypted by looking for the green padlock next to the website name.

All your data is protected by fully managed AWS firewalls, daily backups and updates to our servers and databases to ensure the latest security patches are applied. Only key technical staff have direct access to these servers and all staff members with access to your personal data have agreed to a confidentiality clause in their contract.

In the event of a data security breach we will contact all affected members within a reasonable time frame from when the breach is first discovered with information about said breach and our recommendations on what steps you can take to keep yourself and your data protected. Our datacenters are regularly maintained and assessed to ensure we are using all the latest technology to provide you with the best possible service.

Your Rights

You have the right to:

  1. Request removal of your data from our servers at any time for any reason.
    1. We reserve the right to deny any request made for data removal.
    2. When you request for your data to be removed, we will remove all personal data on your account. This includes:
      1. Your email address.
      2. Files you have sent.
      3. Your audit log.
      4. Your address book.
      5. Any recipients on your account.
      6. All users on your account.
    3. Anything that exceeds this amount may incur a small administrative fee of £25. Please note that all data from our databases is automatically removed after 5 years.
  2. Request access to any data that we may store about you.
  3. Request that we prohibit the use of your email for receiving, sending or marketing purposes.
    1. Please note that in order to facilitate this request we will need to store your email address.
  4. Object to any changes that we make.
If you wish to make a complaint regarding any of the above or if we deny a request, please contact a supervisory body for your jurisdiction (for example in the United Kingdom, ICO).

If you would like to request any of the above, please contact us via our email address


When you upload files using our service, if you are using the free service or our direct uploaders, these files will be uploaded to a location closest to your current location as best estimated by your IP. All other uploads on the Business and Pro service will be held within the EU and US respectively. Business users can set their location to a specific country if this is required.


Files downloaded from our website are downloaded using Amazon Web Services content delivery network CloudFront. This means that when a client or customer downloads a file, the file is temporarily moved to a location closest to them to provide them with the fastest download speeds possible.

Data Centers

Our datacenters are used to process and store your data. Please refer to the below where these are located for your information.

The MailBigFile Business service is run on Amazon Web Services (AWS) in their EU Ireland datacenter.

The MailBigFile Pro service is run on Amazon Web Services (AWS) in their US datacenter.

The MailBigFile Free service is run on Amazon Web Services (AWS) in their US datacenter.

If you have any other queries or require any clarification on the above, please don't hesitate to contact us via our email address and we will respond forthwith.

Should the nature of this contract change, we will endeavour to notify all of our paying customers within the week of this change.