Global Email:Privacy and Global Email

From Melissa Data Wiki
Jump to navigation Jump to search

← Global Email

Global Email Navigation
Domain-Only Verification
Privacy and Global Email
Best Practices
Service URLs
Request Fields
Response Fields
Batch XML
Batch JSON
Interpreting Results
Deliverability Confidence Score (Basic)
Result Codes (Advanced)
Global Email Result Codes
Sample Code

Certifications and Compliance

As a company, Melissa is fully GDPR compliant and holds various certifications. We are proud to take privacy and security very seriously, and aim to be transparent when detailing how we handle your data.

All Global Email requests are secured with HTTPS and the latest TLS.

Please refer to our compliance page for more details.

What We Store and Why

We store some minimal information from each Global Email request for logging, diagnostic, debugging, and optimization purposes.

Melissa does NOT give or sell this information to any other entity. It is all strictly for internal use.

Also, we do NOT use received emails for any marketing or advertising purpose. Again, they are only used internally for Global Email.

Aside from standard diagnostic and debugging information, Global Email does use a cache of emails. This cache stores the result of the last check on that email so that users who verify an email within a short time of another user verifying the same email can get the same results faster.

For European users, emails are additionally encrypted using a one-way hash, which means that emails are impossible to decipher and are not human-readable.

See the following sections for more details.

Outside of Europe

For users not affected by any extra privacy regulations, Global Email securely logs emails and other internal diagnostic information. As mentioned above, all Global Email requests are sent with current HTTPS and TLS encryption.

This cache is just emails with several numerical values attached to them. This is used for internal logging purposes, and more importantly to improve speed without sacrificing accuracy. There is nothing to tie any email to any individual, whether that be the owner of the email or the user who verified the email.

Europe and GDPR

As of the 25th of May 2018, the European Union implemented the General Data Protection Regulations (GDPR).

These regulations apply to anyone who processes data gathered or stored in the European Union, regardless of where the data processor is located.

Overall, GDPR obligates all data collectors and processors working in Europe or with European data to transparently collect, store, and process that data, and to do so with only the minimum amount of data needed for the task at hand.

Additionally, GDPR dictates that data systems must implement data privacy and protection by default.

For more information, see this summary of GDPR from the European Union itself, or the full text of the regulations.

Emails specifically are less sensitive compared to other personal data, such as full names or addresses. GDPR does allow companies to store emails - no encryption or other obfuscation required - as long as it is hard to connect any email to any other piece of personal information, whether internally or in the event of a breach.

Other information related to emails, namely information about domains, is not considered personal data. You may find that some requests do include contact information about the domain owner, but this information is gathered from external sources, all of which are GDPR compliant in their own right.

Interestingly, since GDPR allows companies to store unencrypted emails as long as they cannot be connected to other personal information, our method of caching outside of Europe was already GDPR compliant.

But, for Global Email specifically, we have gone beyond simple compliance.

We store information about the connection status of the MX server in the form of encrypted hashes. This means that users get the best of both worlds: the performance of our non-European email verification, and the assurance that we are more than fully GDPR compliant. As mentioned previously, all encryption is one-way.

Please do not hesitate to reach out to us with any questions regarding our GDPR compliance.

Data Across Borders

It is important to note that GDPR does allow companies to leverage data gathered and stored outside of the GDPR sphere of influence. Therefore, we use our US-hosted cache of nearly 800 million emails to bolster email verification in Europe in only a read capacity.