Security
Your data security is our top priority.
Our Commitment
At EmailFunnelAI, security is not an afterthought — it is foundational to everything we build. We are committed to protecting the confidentiality, integrity, and availability of your data through industry-standard security practices, continuous monitoring, and a culture of security awareness across our entire organization.
Infrastructure Security
- Cloud Hosting: Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 Type II, ISO 27001, and ISO 27017 certifications.
- Network Security: We employ firewalls, intrusion detection systems, and DDoS mitigation to protect our network perimeter.
- Redundancy: All critical systems are deployed with redundancy across multiple availability zones to ensure high availability and disaster recovery.
- Monitoring: 24/7 automated monitoring and alerting for anomalous activity, performance degradation, and security threats.
Data Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites.
- At Rest: All stored data, including databases and backups, is encrypted using AES-256 encryption.
- Key Management: Encryption keys are managed through secure, audited key management services and are rotated regularly.
Application Security
- Secure Development: We follow secure coding practices including code review, static analysis, and automated security testing in our CI/CD pipeline.
- Authentication: We support multi-factor authentication (MFA) and enforce strong password policies. OAuth 2.0 is used for third-party integrations.
- Authorization: Role-based access control (RBAC) ensures users can access only the resources they are explicitly permitted to access.
- Dependency Management: All third-party dependencies are continuously scanned for known vulnerabilities and updated promptly.
Data Handling
- Minimal Collection: We only collect data that is necessary to provide and improve our Service.
- Data Isolation: Customer data is logically isolated. One customer's data is never accessible by another.
- Backups: Automated, encrypted backups are performed daily and stored securely with geographic redundancy.
- Data Retention: We retain data only as long as necessary. Upon account deletion, all associated data is permanently removed within 60 days.
Incident Response
We maintain a documented incident response plan that includes identification, containment, eradication, recovery, and post-incident review. In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities within 72 hours in accordance with applicable regulations.
Employee Security
- All employees undergo background checks before being granted access to customer data.
- Access to production systems is granted on a least-privilege basis and requires MFA.
- Regular security awareness training is mandatory for all team members.
- All employee devices are encrypted and managed with endpoint protection software.
Vulnerability Reporting
If you discover a security vulnerability in our platform, we encourage responsible disclosure. Please report any issues to our security team at security@emailfunnelai.com. We will acknowledge receipt within 24 hours and work with you to understand and resolve the issue promptly. We do not pursue legal action against security researchers who act in good faith.
We continuously review and improve our security posture. If you have questions about our security practices, please contact us at security@emailfunnelai.com.