ValidMailEnterprise-Grade Security. Built In.
Your data is processed, never stored. GDPR compliant by design.
How We Protect Your Data
Security is not an afterthought — it is the foundation of every feature we build.
Data Encryption
All data is encrypted with TLS 1.3 in transit and AES-256 at rest. Your email lists are never stored in plain text.
Zero Retention Policy
Your email lists are permanently deleted immediately after validation completes. We store results, never raw addresses.
GDPR Compliant
ValidMail is fully compliant with GDPR and EU data protection regulations. We process data lawfully and transparently.
EU Infrastructure
All processing happens on EU-based servers. Your data never leaves European jurisdiction. 99.9% uptime SLA.
How We Process Your Data
A transparent, four-step process designed for security at every stage.
You Upload
CSV, API call, or paste — your list arrives encrypted via TLS 1.3.
We Validate
Each email is verified via SMTP against the real mail server in an isolated environment.
Results Ready
Detailed results in seconds — Valid, Invalid, Risky, Unknown.
Auto-Delete
Your raw email list is permanently deleted. Only results remain linked to your account.
You Upload
CSV, API call, or paste — your list arrives encrypted via TLS 1.3.
We Validate
Each email is verified via SMTP against the real mail server in an isolated environment.
Results Ready
Detailed results in seconds — Valid, Invalid, Risky, Unknown.
Auto-Delete
Your raw email list is permanently deleted. Only results remain linked to your account.
Compliance Status
Where we are today and what we are working towards.
GDPR Compliant
Controls and contractual terms aligned with GDPR requirements.
TLS 1.3 Encryption
All data encrypted in transit with the latest protocol.
AES-256 At Rest
Stored data encrypted at rest with AES-256.
Auto-Delete After Processing
Raw email lists permanently purged after validation.
EU-Based Infrastructure
Servers located in Germany and the Netherlands.
No Data Resale
Data is not sold; processing is limited to required subprocessors.
SOC 2 Type II
Expected Q3 2026.
ISO 27001
Expected Q4 2026.
DPA (Data Processing Agreement)
Available on request.
Public Status Page
Expected Q2 2026.
Penetration Test Report
Expected Q3 2026.
CCPA Compliance
Expected Q3 2026.
Security FAQ
All ValidMail infrastructure runs on EU-based cloud servers, primarily in data centres located in Germany and the Netherlands. Your data never leaves European jurisdiction.
We don't store your email list after validation. Raw email addresses are permanently deleted immediately after processing completes. We only retain the validation results (Valid, Invalid, etc.) linked to your account.
Data is not sold. Processing may involve required subprocessors (for example hosting, database, and payments) described in our privacy terms.
Upon account cancellation, all your data including validation history and results is permanently deleted within 30 days. You can also request immediate deletion by contacting support.
ValidMail operates with GDPR-aligned controls and legal basis documentation for email validation. CCPA coverage remains on the roadmap for Q3 2026.
Yes. Under GDPR you have the right to access, rectify, and erase your data. Send a request to privacy@validmail.online and we will respond within 72 hours.
Ready to validate with confidence?
Start with 250 free credits. No credit card required.