Security & Privacy

Last revised 2/22/17.

Mailgun shall maintain and implement the following technical and organizational measures in relation to the security of any Customer Configuration.

1. Administrative Controls.

1.1 Screening. Mailgun will perform pre-employment background screening of its employees who have access to customers’ accounts, and is committed to employee supervision, training, and management.

1.2 Mailgun Access. Mailgun will restrict the use of administrative access codes for customer accounts to its employees and other agents who need the access codes for the purpose of providing the Services. Mailgun personnel who use access codes shall be required to log on using an assigned user name and password.

1.3 Customer Access. As the primary application administrator, you are responsible for the management of your accounts, including creation, change management, and termination.

2. Reports of and Response to Security Breach.

Mailgun will report to you as soon as reasonably practicable in writing and in accordance with applicable law, of a material breach of the security of your Customer Configuration which results in unauthorized access to your Customer Data resulting in the destruction, loss, unauthorized disclosure or alteration of your data of which we become aware. Upon request, we will promptly provide to you all relevant information and documentation that we have available to us regarding your Customer Configuration in connection with any such event.

3. Customer Data Return.

The Services enable you to retrieve, correct, or delete Customer Data. Depending on your Services, you may not have access to your Customer Configuration or Customer Data during a suspension of Services, or following the termination of the Agreement. You are responsible for retrieving a copy of your Customer Data prior to the termination of the Agreement.

4. Privacy and Personal Data Processing.

4.1 Roles. In respect to “Personal Data" processed under the Services, you may act as “controller" or “processor" and Mailgun may act as “processor" or “subprocessor", as those terms are defined in the European Union Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Mailgun is responsible for those security measures detailed here or in the applicable Agreement.

4.2 Instructions for Data Processing. Mailgun will process Personal Data only to the extent and in such a manner as is necessary to provide the Services under the Agreement or as otherwise instructed by Customer from time to time.

4.3 Notifications. Mailgun shall notify you as soon as reasonably practicable in writing: (a) of any communication received from an individual relating to (i) an individual’s rights to access, modify, correct, delete or block his or her Personal Data and (ii) any complaint about your Processing of Personal Data; and (b) to the extent not prohibited by law, of any complaint, notice or other communication that relates to Customer’s compliance with data protection and privacy law and the processing of Personal Data.

You agree to make any required notifications to and obtain required consents and rights from, individuals in relation to Mailgun’s provision of any work or Services to you. Where Mailgun receives the communication described in this section and notifies you of such communication, it is your responsibility to respond to and take all other appropriate action with regard to the communication required under the applicable law.

Last revised 2/22/17.