At Lettermint, confidentiality is not an add-on. It is part of how the platform is built and operated. For many of our customers, keeping data confidential is not just a preference but a legal duty. We take that seriously, and we can prove it.
This page explains how we approach confidentiality, what it means for customers who are bound by professional secrecy, and where you can verify our security and compliance for yourself.
Confidentiality is built into how we work
We are a Netherlands-based European transactional email and broadcast platform, built and hosted in the EU. Your email data, including message content and recipient details, is processed within the European Union and stays inside our own infrastructure. Access to it is limited, role based, and logged.
A few things that hold true by default:
- Data is encrypted in transit and at rest.
- Our staff are bound by confidentiality before they are given access to any customer data.
- Access to message content and recipient data is restricted to what is needed for delivery, support, security, and abuse prevention, and it is recorded.
- The providers that handle your email data are located inside the EU, under data processing agreements and with confidentiality in place.
Our security practices are aligned with the ISO 27001:2022 standard. You do not have to take our word for any of this: our Trust Center sets out our security controls, policies, compliance, and certification status, and is continuously monitored.
Professional confidentiality
Some of our customers work in professions where confidentiality is required by law. Tax advisors, lawyers, accountants, doctors, and similar professionals are often bound by professional secrecy, protected by criminal law across the EU. In Germany, Austria, and Switzerland this can go a step further and ask the provider itself to commit in writing, for example under § 203 StGB in Germany, a Verschwiegenheitsverpflichtung.
These rules usually require the professional to make sure that any provider who could access protected data is also bound to confidentiality. If you are in this position, or you serve clients who are, we understand the requirement and we are ready to support it.
We can put a confidentiality agreement in place that reflects your professional secrecy obligation, alongside our standard Data Processing Agreement. If you need this, please contact us at legal@lettermint.co and tell us which obligation applies, so we can match the agreement to your situation.
How we prove it: our Trust Center
Rather than ask you to trust a list of claims, we make our security posture transparent. Our Trust Center gives you a live view of our security and compliance, kept continuously up to date.
In the Trust Center you can review:
- Our certifications and the standards we are assessed against.
- The security controls and policies we have in place.
- The subprocessors we rely on, including their role and location.
- The current state of our compliance, kept up to date automatically.
Where your data is processed
Your email data is processed on infrastructure located within the European Union. We do not move your message content or recipient data outside our own EU infrastructure to deliver the service.
Some supporting services, such as payment processing, may handle limited data outside the EU. When that happens, we make sure proper safeguards are in place. You can find the details for each provider in our Trust Center and on our Subprocessors page.
Get in touch
If you have a specific confidentiality requirement, a professional secrecy obligation, or a question about how we protect your data, we are happy to help. Contact us at legal@lettermint.co.
This page is provided for information. It explains our approach to confidentiality and does not by itself create a contract. Any confidentiality agreement, our Data Processing Agreement, and our Terms of Service set out the binding terms.