Is Predimail GDPR compliant?

Yes. Predimail operates under GDPR with data subject rights, DPA on request, and EU-friendly data handling.

Do you use my mailbox data to train AI models?

No. Data accessed via Google/Microsoft APIs is not used to train or improve AI models. It is processed only to provide the service.

What certifications or frameworks do you follow?

Predimail is CASA Tier 2 certified and maintains SOC 2–aligned security controls including encryption, access management, logging, and incident response.

Security

CASA Tier 2 certified • SOC 2–aligned controls • GDPR compliance

Last updated: 09/11/2025

Predimail protects your data with layered controls across encryption, identity & access management, secure development, monitoring, and incident response. Below is a transparent overview of our practices.

Encryption in Transit & at Rest

TLS 1.2+ for all connections; HSTS enforced
Data at rest encrypted with strong AES-256
Key management with restricted access

Access & Identity Management

Least-privilege, role-based access (RBAC)
MFA enforced for privileged operations
Segregated environments and audited admin actions

Compliance & Certifications

CASA Tier 2 certified
SOC 2–aligned controls and processes
GDPR compliance and DPA on request

Google Workspace & Microsoft APIs

Data accessed only to provide the service (classification, drafting, sending)
No training of AI models on customer mailbox data
Scopes are minimized; access can be revoked at any time

Monitoring, Logging & Secure SDLC

Centralized logging, alerting, and anomaly detection
Code reviews, dependency monitoring, and vulnerability scanning
Change management with approvals and rollbacks

Data Retention & Deletion

Retained only as long as necessary for service delivery
Ephemeral processing for transient tasks
Account-level deletion workflows and backups with limited retention

Incident Response

Documented IR plan with 24/7 on-call rotation
Containment, eradication, and recovery procedures
Customer notifications as required by law and contracts

View CASA Tier 2 certificate

Security FAQ

Key answers about Predimail’s security and compliance.

Yes. Predimail operates under GDPR with user rights support and a Data Processing Addendum on request.

No. Data from Google/Microsoft APIs is processed only to provide the service and is not used to train or improve AI models.

Predimail is CASA Tier 2 certified and maintains SOC 2–aligned controls including encryption, access management, logging, and incident response.

Ready to evaluate Predimail for your security needs?

Review our Privacy Policy or contact us for a DPA and security questionnaire.

Start Free Trial