Working with your data

If you're seeking reassurance and information about the security of your data in relation to our services, this section gives you the details, links to our policies and DPA, and the answers to some frequently asked questions.

The headlines are:

  • Our Information Security Management System (ISMS) has been certified to the international quality standard ISO 27001 since January 2017. If you would like to see our policy documents for either of our quality standard certifications ISO 27001 or ISO 9001 please contact our Data Protection officer.
  • If you have any queries in relation to your rights or privacy matters generally please email our Data Protection officer. 
  • We have appointed IT Governance EU Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR) or have any queries in relation to your rights or privacy matters in the EU please contact our representative via email. Please ensure you include our company name, Email Hippo, in any correspondence you send to our representative.
  • If you would like to agree and sign a specific data processing agreement with Email Hippo which complies with the data legislation applicable to you such as the EU’s General Data Protection Regulations or the California Consumer Privacy Act please contact us.
  • We are registered with the Information Commissioner's Office; our registration number is ZA309925.

Our corresponding policies are:

To contact our Data Protection Officer please send your request with your name and contact details to us via email.

To close your account please send your request to our support team with your account name via email.

For your information, here are our current ISO certificates:

     EmailHippo_ISO27001_certificate                     EmailHippo_ISO9001_certificate


Data is valuable and we understand why it can feel risky to share it.

You need to be sure that when you select a data processor you choose one that takes security seriously.  We take it very seriously. 

Five BIG questions to ask any company providing software services that include data processing:

  • Why should I trust you?

  • What do you do with my data?

  • Do you share it / sell it?

  • Is it safe when it’s with you?

  • Where is it processed?

Here are our answers:

1. Why should I trust you?

Because we are real people, providing a service we’re really proud of.

We’ve been validating email addresses since 2009. We are not the new kids on the block; we have a reputation for excellence to maintain. We were the first email validation company to have information security management systems that are accredited to the ISO 27001 international security standard.  That means our accredited system is integral to our business practices. Our roles and responsibilities with regard to security are clearly defined; we audit our system every six months, and on an ongoing basis we capture and act upon all relevant information relating to security.

You are right to ask questions, and right to trust Email Hippo

2. What do you do with my data?

Basically, we receive it, process it as quickly as we can and give it back. 

Our suite of products work slightly differently to one another and provide results that range from simple to complex. Most of them have email address validation as a central service. When we validate email addresses, we contact the mail server for each address to check if the address is OK. Then we append information about that email address and either return the data to you in real-time or make it available for you to download from your portal.

When it comes to our customers’ individual personal information, we act properly to make sure we don’t gather, store or use data in any way that is outside the law. When you become a customer your credit card details are handled in PCI compliant applications. We don’t store or manually handle credit card details or share any details with 3rd parties.

3. Do you share or sell my data?

We never share data.
We never sell data.

You haven’t asked us about storing data - we store data securely in Europe for a maximum of 90 days before it’s automatically deleted. This is in order to enable our customers to have a window of time to download their processed files.

4. Is my data safe when it’s with you?

As safe as it can be, but there is no such thing as a 100% guarantee. 

The fact that our security systems are accredited to ISO 27001 shows that we take significant measures to keep information safe and continue to act in ways that give peace of mind to our customers.

Our pro-active approach ensures we reduce the likelihood of security issues, and manage associated risks. Like any other data processor, we can’t give an absolute guarantee of security; what you can be sure of is that because we have accredited systems in place we are in a good position to ensure your data is protected from threats and manage information security breaches if they do occur.

5. Where do you process data?

All our servers that process and store your data are in Europe.

If we validate an email address where the mail server is outside Europe, the individual email address will briefly pass outside Europe when it is being validated, just as it would if you emailed that address.

If you have questions about security and compliance, please get in touch with our Data Protection Officer by email.