Emarsys handles data related to the email recipients which is generated and sent by the platform, and is referred to as Personally Identifiable Information (PII). This page describes the flow of recipient-related data within Emarsys, with the focus on information security.
This section describes the flow of PII data within Emarsys in a step by step manner, the following diagrams are intended to provide a holistic view of the system architecture and the related processes.
Emarsys System Architecture Overview
The image below shows the architecture of the Emarsys application.
Our software development process follows a strict and secure coding principle.
The development team has a thorough understanding of existing infrastructure components, which is necessary to ensure that the deployment of the software is, firstly, operationally functional and, secondly, will not weaken the security of any existing environment. Development teams also participate in regular security trainings. All of our software development goes through internal security testing by Emarsys before undergoing independent assessment by external IT security firms that specialize in software and system security.
Emarsys production environments are hosted at high-security data centers that conform to ISO 27001 Information Security standards. To ensure continuity of service the data centers provide the following:
- secured electricity through uninterrupted power supply units and backup generators
- 24/7/365 access control and surveillance
- automatic fire detection and extinguishing system
- redundant climate control and cooling systems
- high availability and guaranteed SLAs
Emarsys operates high-performance redundant firewall clusters which are kept up to date with automated security updates, and have regular performance tuning performed on them.
Operating system security
Emarsys uses a managed environment built of UNIX operating systems which offer the highest levels of performance and stability. System updates are implemented regularly to ensure that all our systems always have the latest security patches, and all accounts are secured using strong passwords. As an additional security measure direct root access has been disabled.
Each database server cluster is located in its own local subnet, all of which have access severely restricted so that only personnel with the correct authorization can access them.
Maintenance and monitoring
All systems are maintained and monitored in accordance with manufacturers’ recommendations on a 24/7/365 basis. Monitoring includes:
- Ensuring system availability (hardware, services, applications and connectivity)
- Performing regular log file analysis
- Performing regular firewall analysis
- Implementing security updates
- Security monitoring
Emarsys, as a database product, allows synchronization of recipient data with customer systems. Demographic information can be synchronized into standard fields while custom fields allow any information to be stored along recipients. The following sub-chapters describe methods to import recipient information into the system.
Importing into Emarsys Databases
.csv files may be placed on WebDAV folders independently set up for each customer. By setting up automatic imports, files stored here are automatically processed by the system and the changes are propagated into the Emarsys database. Auto-import can also be configured to retrieve data from the FTP/SFTP/FTPS/Web server of a customer.
Emarsys provides a RESTful API to retrieve recipient information and update it. Customers can set up automated synchronization processes that work via the API.
Registration forms can be created in order to easily integrate with the database. Registration forms can be embedded into customer’s web sites, allowing the creation and update of contacts directly from the website.
Contact data, as well as response data, can be exported from Emarsys. The exported file is either placed on the Emarsys web server on a password protected storage area or automatically uploaded to the customer’s FTP/SFTP/FTPS server.
Emarsys’ Data Security Policies guarantee a strict separation of all customer data, especially PII data. This section describes how the PII data is secured in each stage as it is processed by Emarsys, and focuses on the data retention time.
Storage of Recipient Data
Each customer receives their own set of tables in the database that hold information on recipients and actual launches. Since the data is logically separated, customers are not able to access each other’s data. The database is only accessible from inside our server farm protected by our firewall, so the only means to access from the outside is through the application itself. The application implements password authentication, IP restriction, and Two-factor Authentication with SMS or time-based authentication in order to protect customer data. The application runs on secure HTTPS channel.
Data is imported into the system via WebDAV or via the FTP or web server infrastructure provided by the customer. WebDAV is accessed through HTTPS and customers are assigned their own folders, which protects their data from other customers. The WebDAV folders are password-protected. Customers may optionally encrypt their files with PGP for added security. When data is provided on a customer’s FTP/FTPS/SFTP or Web Server (HTTP/HTTPS), the application checks for new files at regular intervals and downloads them with the credentials provided by the customer.
Generation and Sending of Emails
The generation of the personalized emails as well queuing for delivery is taken care of in Emarsys backend.
Tracking of Recipient Responses and Mail Reports
The tracked Recipient Response and Mail Report data is stored in the main database. Again there are distinct tables per customer to guarantee a logical and physical separation of data.
Authorized administrators of a customer may export recipient and response data from the system. Delivery of the exported CSV files is done through Emarsys Web servers or a customer’s FTP/FTPS/SFTP server. When Emarsys provides the files on the web server, the link is emailed to an email address authorized by the customer and credentials must be provided when accessing the files. Optionally files can automatically be uploaded to the FTP/FTPS/SFTP server of the customer.
Data Retention Period
- The data stored on Emarsys WebDAV is automatically deleted by Emarsys’ Maintenance Process after a pre-defined retention time. The maintenance process runs every day, where a check is performed to identify data needing deletion.
- By default, the data retention periods are:
- 7 days for the WebDAV Import folder.
- Data may be optionally removed by Emarsys from the customer’s FTP server after processing, otherwise it is the customer’s responsibility to remove them.
- All PII data which is stored in Emarsys databases is kept permanently in the main database and safeguarded by the mechanisms described above.
Emarsys uses the Transport Layer Security (TLS) encryption protocol to encrypt all emails sent through its infrastructure. This is the industry standard for email security and ensures that messages cannot be read by third parties while in transit. In a recent Transparency Report by Google, Emarsys was listed as one of only two European providers to use such encryption technology.
Emarsys uses X.509 certificates issued by VeriSign. Furthermore, all of our certificates use 2048 bit RSA key pairs. Emarsys servers also offer forward secrecy (Diffie-Hellman and Elliptic Curve Diffie-Hellman) and modern cipher suites (AES256-GCM) with today’s browsers. These security standards ensure the highest level of data-in-transit protection for our customers.
Request validation and authentication
Escher is a stateless HTTP request-signing specification to provide secure authorization and request validation. It adds an additional security layer and an authentication layer over HTTPS. The algorithm is based on Amazon’s AWS4 authentication. The protocol ensures the requests’ integrity, and also provides a solution for pre-signing URLs with expiration time.
User access requires authentication using a valid username and a strong password in accordance with our password policy. In addition, access to all Emarsys services may be restricted by IP so only users at authorized locations can use them. If a user tries to log in from an untrusted location with IP restriction enabled we offer Two-factor Authentication, so login is only possible after the user enters a one-time password generated by an authenticator application, or received via SMS or voice call.
Every authentication attempt is recorded and an automatic procedure takes care of temporarily locking out accounts with too many failed password attempts. Our users are also required to change their password regularly. Our password policy will not let them change to a password they recently used.
Emarsys employee data access
All customer data is owned solely by the respective customer, no one else. The only people at Emarsys that have access to that data are members of the Operations team tasked with maintaining and monitoring the application, as well as Client Services personnel who work with customers on optimizing their marketing campaigns. All such access is logged in detail.
Confidentiality is ensured by non-disclosure agreements in Emarsys employee contracts, as well as the strict guidelines laid down in accordance with the ISO 27001 requirements with regards to how confidential information is stored and processed internally. Any information provided by our customers is automatically classified into the highest confidentiality class used at Emarsys.
Geographical data regulations
Emarsys’ servers holding the customer data are all based within the EU, meaning that all laws and regulations relating to data handling on a national and federal level are observed in accordance with the EU regulations.