Overview

At Taxi for Email we take your privacy and security seriously. In addition to the information on this page we recommend you also review our Terms of Use, Cookie Policy and Privacy Policy.

ISO 27001

Taxi for Email/Future Design Unit Ltd is ISO 27001 certified, to ensure our organisation and technology manages risk to information security correctly, and to keep information managed by our organisation secure (including our customer data).

Please see our Information Security Policy Statement for further information.

What data do we process (PII)?

Taxi helps you produce your email content, it does not send emails to your customers — this means we do not hold or process audience lists, or any data about your customers. The scope of PII that we handle is limited to basic details of the members of the team that uses Taxi, which we hold to enable logging in and so on.

Incident Response Plan

We have implemented a formal procedure for security events and have educated all our staff on our policies.

Build Process Automation

We used automated deployment techniques which mean we can update our systems in a matter of minutes. We typically deploy code several times every day, so we have high confidence that we can get a security fix out quickly when required.

Infrastructure

All of our services run in the cloud. We do not run our own routers, load balancers, DNS servers, or physical servers. Our services and data are hosted in Amazon Web Services (AWS) facilities in Ireland.

Our infrastructure is spread across 3 AWS data centers (availability zones) and will continue to work should any one of those data centers fail unexpectedly.

Data

All customer data is stored in the EU. We are fully registered with the Information Commissioner's office.

Data Transfer

All data sent to or from Taxi for Email is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only.

Authentication

Taxi For Email is served 100% over https. Our team use two-factor authentication (2FA) and strong password policies. We offer a range of options for our customers around login so they can choose the standards that suit them best and match their own security policies

Permissions and Admin Controls

Taxi for Email enables permission levels to be set for users.

Application Monitoring

Our systems are automatically monitored 24/7 and our team are notified of issues in real time.

GDPR & Taxi for Email

As a London based company the GDPR is part of the law where we operate, as such our processes and systems are fully compliant.

For the purposes of the GDPR we are registered as a Data Controller for our own data and a Data Processor for situations where we handle data on behalf of our customers.

For more information, read about our approach to GDPR.

Analytics & Monitoring

We monitor usage of Taxi so that we can learn more about how our customers use the platform, which in turn helps us continually improve our products. This analysis is performed using anonymised and aggregated data.

What we do:

  • Monitor aggregates and averages across all of our customers for:
    • How many emails are being made every week
    • How much time elapses between an email first being created and it being exported
    • How many times specific actions are taken (i.e. clicks on a certain button, visits to certain pages, on-page actions like opening menus)
  • Track common routes through the application (from page to page) and which actions are taken.
  • Some events and actions are recorded against specific users, in order that we can establish patterns and sequences across our whole user base

What we don't do:

  • Access your email content
  • Use the user’s personal details (name, email etc) in our analysis
  • Sell your data, or share it with any third parties

PCI Obligations

Taxi For Email is not subject to PCI obligations. All payment instrument processing is outsourced to Stripe.