Security is our priority

MailUp supports companies when it comes to data and privacy protection. Our transparency policy is meant to provide you with all you need to feel secure on the platform

Data protection: our commitment

Every day, we commit to the principles that maintain trust in the cloud, as well as protect and secure data. We provide all our customers with the necessary tools to comply with the new regulations simply and straightforwardly.

Additionally, we have aligned the MailUp solution to the GDPR requirements by updating the Data Processing Agreement (DPA) contained in art. 2.3 of our license agreement.

MailUp's infrastructure compliance

Our infrastructure and security policies regularly undergo assessment and verification to guarantee their suitability with the highest standards of compliance in terms of data protection. This includes a Data Center located in Europe, the Data Loss Prevention protocol (DLP), Threat Protection systems, and periodic Vulnerability Tests.

MailUp's Data Protection Officer

In adhering to the GDPR, MailUp has appointed a Data Protection Officer to manage corporate compliance and act as a point of contact between the company and the competent authorities.

How to manage your contact data

All of these features can be enabled individually within the Preferences center.

Right to access

Export your subscriber data at any time via the Recipients > Export function or view the personal information of a single recipient within the platform.

Right to be forgotten

Choose to either totally delete the recipient from your lists or use the unsubscribe method for the right to be forgotten.

Right to object

Use the methods from the previous point or, through the Preferences Center, let the recipient unsubscribe (opt out) from any form of tracking and profiling.

Right of rectification

Change your contacts' currently registered personal data in their individual profiles or make sure, through the Preferences Center, that they directly update their own data.

Right to portability

Export your contacts' data from the platform at any time or enable the export of data, or part of it, directly from the Preferences Center.
Supporting your GDPR compliance

The new legislation requires companies to re-evaluate their data infrastructure and personal data processing. Compliance is not a simple task. This is why we carefully analyzed how to use our particular flexibility so that our customers can focus only on what matters.

Data access, management, and security

More freedom in choosing personal data

Application, communication, and data processing security

Handling sensitive data

Management and time limit of the consent

Tools for the subjects’ exercise of data rights and profiling

Frequently Asked Questions

I want to send MailUp the document appointing me as data processor (i.e., the Data Processing Agreement)

In order to facilitate negotiations with our customers by ensuring compliance with privacy regulation, our Data Processing Agreement (pursuant to art.28 of the GDPR) is contained in Section 2.3 of our license agreement, as possibly supplemented by the Data Processing Agreement sent to your administrative contact as specified on the platform. To view the signed user licence agreement, please follow the instructions in our guide: .

I want to ask MailUp to fill out an assessment questionnaire.

Due to the large number of clients and the different types of requests, we are unable to fill in every single assessment questionnaire. You can find more details on the MailUp infrastructure and GDPR compliance for completing your own assessment questionnaire on our blog and on our MailUp user manual.

I received an email sent via a MailUp platform and I want to exercise my rights or I want to report a treatment that does not comply with the European Regulation.

If you have received communications sent via the Platform, please check and confirm whether the sender of the communication is or In this case, we confirm that MailUp is processing your data as Data Controller and we kindly ask you to reply to this e-mail, confirming the above verification and the right you wish to exercise. If this is not the case, MailUp is processing your data as a Data Processor; therefore, to exercise your privacy rights, we suggest that you contact your clients directly by writing to the sender address of the communication.

Does MailUp transfer personal data outside the European Economic Area (EEA)?

When providing the service, MailUp may act both as Data Controller and as Data Processor. More specifically, MailUp acts as Data Controller when it processes its advisors and suppliers’ data, or those of users filling in forms or subscribing to newsletters via the website Instead, MailUp acts as the Data Processor when it processes the personal data (message contents, e-mail addresses, phone numbers) required by our customers to send messages. When MailUp acts as a Data Controller, personal data may be shared outside the European Economic Area (“EEA”). Your Personal Data are processed by these recipients in compliance with applicable law and by applying appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission or other safeguards considered adequate as set out in our privacy policy. When MailUp acts as Data Processor in the provision of our software - depending on the type and layout of the service purchased, which we invite you to verify by referring to the specific DPA executed with us - we use the following sub-processors: • Amazon Sarl, for the provision of support network services and storage of images uploaded by customers, including CDN (Content Delivery Network) and Web proxy services. We represent that personal data processed by this sub-processor will not be transferred outside the European Economic Area. • SMS aggregators, for the provision of the SMS traffic routing service to telephone operators. Depending on the location of the recipient of the text messages sent by our customers, we may use SMS aggregators located within the EEA and/or the UK (which, as is known, is the subject of an adequacy decision).

I want to know if MailUp acts as Data Controller or Data Processor.

MailUp acts as Data Controller when it processes its employees, advisors and suppliers’ data, or those of users filling in forms or subscribing to newsletters via the website Instead, MailUp acts as the Data Processor when it processes the personal data (message contents, e-mail addresses, phone numbers, IP addresses and data generated by the use of the MailUp platform) required by our customers to send messages.

I have identified the MailUp platform as the most suitable tool for complying with current privacy laws, but I need support.

If you have specific technical questions on how to take advantage of the tools provided by MailUp with regard to GDPR, such as:
  • (Re)Registration with confirmation,
  • Self-profiling campaigns,
  • Profile Management Centre,
  • Definitive deletion of personal data; please contact our Technical Support by sending an e-mail to or by opening a ticket directly from your MailUp platform. If you need legal support, we regret to inform you that we do not provide legal advice on the due fulfilment of data controller’s obligations with regard to the data uploaded on the platform. If you need such information, we advise you to consult a legal adviser of your choice.

Does MailUp and its platform comply with current privacy laws?

Indeed! The MailUp platform and its infrastructure are fully compliant with the provisions of European Regulation 679/2016 (GDPR). You may find all the information, including the location of our servers and the measures we take to protect our customers’ data, in the GDPR information hub on our website at You will also find our privacy policy on our website at
Protect your campaigns and your customers’ data

Try MailUp platform’s reliability to manage your marketing campaigns via Email, SMS and Messaging Apps.