Taxi for Email/Future Design Unit Ltd is ISO 27001 certified, to ensure our organisation and technology manages risk to information security correctly, and to keep information managed by our organisation secure (including our customer data).
Please see our Information Security Policy Statement for further information.
Taxi helps you produce your email content, it does not send emails to your customers this means we do not hold or process audience lists, or any data about your customers. The scope of PII that we handle is limited to basic details of the members of the team that uses Taxi, which we hold to enable logging in and so on.
We have implemented a formal procedure for security events and have educated all our staff on our policies.
We used automated deployment techniques which mean we can update our systems in a matter of minutes. We typically deploy code several times every day, so we have high confidence that we can get a security fix out quickly when required.
All of our services run in the cloud. We do not run our own routers, load balancers, DNS servers, or physical servers. Our services and data are hosted in Amazon Web Services (AWS) facilities in Ireland.
Our infrastructure is spread across 3 AWS data centers (availability zones) and will continue to work should any one of those data centers fail unexpectedly.
All customer data is stored in the EU. We are fully registered with the Information Commissioner's office.
All data sent to or from Taxi for Email is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only.
Taxi For Email is served 100% over https. Our team use two-factor authentication (2FA) and strong password policies. We offer a range of options for our customers around login so they can choose the standards that suit them best and match their own security policies
Taxi for Email enables permission levels to be set for users.
Our systems are automatically monitored 24/7 and our team are notified of issues in real time.
As a London based company the GDPR is part of the law where we operate, as such our processes and systems are fully compliant.
For the purposes of the GDPR we are registered as a Data Controller for our own data and a Data Processor for situations where we handle data on behalf of our customers.
For more information, read about our approach to GDPR.
We monitor usage of Taxi so that we can learn more about how our customers use the platform, which in turn helps us continually improve our products. This analysis is performed using anonymised and aggregated data.
What we do:
What we don't do:
Taxi For Email is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe.