Welcome to Sinch's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
For your convenience, we have broken down the trust center into four different buckets to better assist you with your Security and Compliance needs. You can navigate between products using the dropdown at the top of the page.
- Sinch Messaging Products
- Sinch Email Products including Mailgun, Mailjet and Email on Acid
- Sinch Voice Products including Inteliquent, UCaaS and Phaxio
- Sinch Message Media including MessageMedia, ClickSend and Bulletin
Breaking security news can always be found at the bottom of the page. This includes breaking vulnerability news, issues with current products, and happenings at the company.
If you subscribe, you will be alerted when new audit reports are available. Drop us a question and we will respond directly back to you!
We are working on our security compliance. We can provide completed questionnaires upon request.
We take application security seriously and are putting together a program to monitor internal apps.
Access is tightly monitored and controlled at our company. We are happy to provide more details about our access control practices upon request.
We protect our corporate network against external & internal threats.
Trust Center Updates
2024 ISO27001 and ISO27701 Certificates now available for Mailgun Technologies Inc.
ComplianceCopy linkUpdated ISO27001 and ISO27701 Certificates for Mailgun Technologies Inc. are now available for download on the Trust Center.
We have reviewed our Snowflake instances to ensure MFA is implemented as recommended and investigations have revealed no indication of compromise.
Sinch Mailgun is aware of CISA Alert Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access. We are actively investigating all instances following Snowflakes recommendation to query for unusual activity and conduct further analysis to prevent unauthorized user access. As of now our investigations have revealed no indications of compromise.
We have conducted a thorough review of our systems, leveraging multiple security tools and have determined that, currently, none of our systems are affected by CVE-2024-3094.
Should you have any further questions or concerns regarding our security posture or the CVE-2024-3094 vulnerability, please do not hesitate to contact us.
We recently received our 2023 Penetration Tests from our third party provider Doyensec for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.
Sinch Mailgun is aware of the recent Citrix Vulnerability (CVE-2023-4966) involving Netscaler. We have evaluated our systems and we are not impacted by the vulnerability mentioned or the relating vulnerabilities in the Citrix article. The confidentiality, integrity, and availability of our systems remain unharmed.
Sinch Mailgun is aware of the recent Okta security breach. We want our customers to know that we have not been made aware of any impact from this breach. The confidentiality, integrity, and availability of our systems remain unharmed.
Sinch Mailgun is aware of the security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. Sinch Mailgun is actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library and implementing remediations where necessary. As of now our investigations have revealed no indications of compromise.
Mailgun Technologies, Inc., US company, part of the Sinch group, has submitted its self-certification application and is awaiting the response on the DPF. Given the large number of applications, the Dept of Commerce is taking more than anticipated in reviewing them. Please continue to check the active list of certified companies to see our company registered. In any event, we will continue to adhere to the strictest standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any and all transfers to and from the US and EU.
Mailgun Technologies, Inc. is currently evaluating its participation and self-certification into the Data Privacy Framework. Please note that the self-certification is voluntary, and the Data Privacy Framework applies nonetheless since July 10, 2023. We will continue to adhere to the strictest of standards of data privacy and continue to maintain adequate and supplemental technical and organizational measures for any transfers to and from the US and EU.
We recently received our completed 2023 SOC 2 reports, ISO 27001 and ISO 27701 certifications for Sinch Mailgun, Sinch Mailjet, and Sinch Email On Acid. The reports themselves can be accessed directly from the security portal.
Recently, our security team became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that Sinch Email (Mailgun/Mailjet/EOA/InboxReady) has not been impacted by this vulnerability.
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
Mailgun's Response to the 2022 OpenSSL 3 Vulnerabilities
After careful review of our infrastructure, the Mailgun team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022. As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md
Thanks and please reach out with any questions.
If you think you may have discovered a vulnerability, please send us a note.