Is EmailAddress.ai SOC 2 compliant?

Yes. EmailAddress.ai is SOC 2 Type II aligned with full security, availability, and confidentiality controls and an annual third-party audit.

Do you sign Business Associate Agreements (BAA)?

Yes. Business Associate Agreements are available for healthcare customers in covered entity relationships under HIPAA. Contact enterprise@emailaddress.ai.

How is customer data encrypted?

All data is encrypted with AES-256 at rest and TLS 1.3 in transit. There is no plaintext data storage at any layer of the infrastructure.

What is your data retention policy for verification?

Email addresses submitted for verification are deleted within 24 hours post-processing. There is no long-term storage of customer email data.

Do you support SSO and IP allowlisting?

Yes. Enterprise plans include SAML 2.0 single sign-on, role-based access control, and IP allowlisting for API access.

Security & Compliance

Enterprise-Grade Security

Built for the security requirements of Fortune 500 companies, healthcare organizations, and financial services firms.

Trusted by High-Volume Senders

SOC 2 Type II Aligned

Full security, availability, and confidentiality controls with annual third-party audit. Documentation available for enterprise procurement.

ISO 27001

Information security management system aligned with international standard. Our controls are audited and continuously monitored.

GDPR Compliant

Full data processing agreements, right-to-erasure support, and EU data residency options for European customers.

HIPAA-Aligned

Healthcare data handled with HIPAA-aligned safeguards. Business Associate Agreements (BAA) available for covered entities.

Data Encryption

AES-256 encryption at rest, TLS 1.3 in transit for all data. No plaintext data storage at any layer of our infrastructure.

Zero Data Retention

Email addresses submitted for verification are deleted within 24 hours post-processing. No long-term storage of customer email data.

Enterprise Security

Built for Regulated Industries

Our security posture was designed from the ground up to satisfy the requirements of pharmaceutical companies, financial services firms, and healthcare organizations. We understand that compliance isn't optional — it's a prerequisite.

Full audit trails for all data access

Role-based access control (RBAC)

Single sign-on (SSO) via SAML 2.0

IP allowlisting for API access

Penetration testing — annual third-party

Dedicated security contact: security@emailaddress.ai

Compliance Documentation

Request our full security documentation package for enterprise procurement and legal review.

BAA for Healthcare

Business Associate Agreements available for covered entities under HIPAA. Contact enterprise@emailaddress.ai.

Security Review

We accommodate customer security questionnaires and vendor review processes for enterprise onboarding.

Explore related pages

Request Compliance Documentation

SOC 2, ISO 27001, GDPR DPA, and HIPAA BAA — all available on request.

Contact Enterprise Team