Spambrella – Trust & Privacy

GDPR Regulation

Spambrella is committed to putting you, our customer, first. This starts with protecting the data that you have entrusted in us for analysis. Earning the privilege to protect your people, data, and brand from advanced threats and compliance risks means being transparent about our privacy, security, and compliance practices and policies.


The General Data Protection Regulation is an European Union (EU) data privacy legislation that strengthens rules about how the personal data of EU residents should be processed. It comes into effect on May 25, 2018. If you have end users, customers and employees in the EU—even if you’re based somewhere else—you (and all your third party processors) must comply with the regulation’s new principles.


As a data processor, Spambrella is committed to maintaining the privacy, confidentiality, and transparency of the personal data entrusted to us. We will be publishing an ongoing series of white papers that describe how Spambrella’s solutions enable you to comply with GDPR requirements such as responding to data subjects’ requests.

Additionally, Spambrella is committed to providing GDPR compliant services to our customers. Our services are designed with data security in mind and already have many GDPR compliant features built in. Additionally, we have carefully studied the GDPR’s requirements and have enhanced our products and services to better assist our customers with their GDPR compliance efforts.

Learn more about  Spambrella and the GDPR


You may enter into a GDPR Data Processing Agreement with Spambrella by following these instructions:

Download the PDF file titled Spambrella GDPR DPAComplete and sign the information block on the first page of the DPA, with the Controller’s (Partner/Customer) full legal entity name, address, and signatory information; and submit the completed and signed DPA to Spambrella via email to


As a data processor and importer, Spambrella is committed to maintaining the privacy and confidentiality of the personal data entrusted to us. We have a documented Information Security Program describing how technical and administrative security controls are implemented to protect personal data and the physical locations in which it is hosted.

Our sub-processor North American co-location facilities perform annual SOC 1 or SOC 2 audits and European co-location facilities maintain ISO 27001 certifications. All sub-processor access controls mechanisms are established for physical and logical access to the facilities and the infrastructure hosting the services.

All physical and logical access is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24×7 on-site security, local and remote security and environmental monitoring, and redundant power and environmental controls. Physical and logical access authentication for sub-processor personnel is performed using two-factor authentication and is granted based on the employee’s role.

GDPR Regulation

Spambrella and our sub-processors have built state of the art automation tools, designed to ensure system integrity at the application level. A highly trained team of security professionals is responsible for documenting and deploying security controls. A separate team is responsible for performing Continuous Monitoring to ensure that these controls remain effective and in-place.

The infrastructure hosting the SaaS services is actively monitored with agents collecting hundreds of metrics specific to hardware, networking, and the OS. These metrics are compared against well-established baselines. Alerts are automatically generated when thresholds are crossed and escalation schemes are systematically enforced so that potential issues are addressed in a timely manner. Operations personnel are available 24 hours a day, 7 days a week to respond to any infrastructure issues.


Spambrella enters into GDPR data processing agreements, which incorporate the 1995 EU Data Protection Directive’s Standard Contractual Clauses (also known as Model Clauses), with our customers. Customers can execute a GDPR data processing agreement by following the links above in the GDPR section of this page.


Spambrella’s customers receive the contractual commitments of Spambrella regarding the customer’s data: security, breach notification, use of sub-processors, and rights to audit. These commitments are found in Spambrella’s DPA.


Spambrella’s Privacy Policy can be found here – Privacy Policy


We fully understand you may have questions and we welcome contact. Please email our Data Protection Team here


Related Case Studies

Easy to onboard my customers from another spam filtering system. Very fast and haven't had any downtime in the 9 months since I have moved to Spambrella. When I have had to use support, responses where quick. I had to move all my customers from another filtering system with little notice. After I moved my customers I realised how bad the old solution I used was. Contact with Sales and Support always been professional

Allen B., Review via Gartner Capterra

Used the software for: 2+ years - 5/5 Overall
With an ever overloaded department, and with cybersecurity skills shortage getting worse securing the I.T infrastructure.

Offloading the task of e-mail filtering to Spambrella has dramatically helped in the department's performance. The only drawback in our case is that the service is hosted outside of our territory and thus out of the legal jurisdiction.

John P., Review via Gartner Capterra

I found spambrella to be easy to set up and has dramatically reduced the number of spam emails hitting our inboxes. It was easy to 'train' the software to release any genuine emails that were caught or add any spam that was not picked up.

Within a couple of weeks of use virtually no spam arrived to our mailboxes. Spam and phishing emails are a growing problem for everyone I'm sure. I now get a very low incidence of spam.

David F., Review via Gartner Capterra

It doesn't require an arcane knowledge to set the Spam filtering up, the guides are straight to the point and support staff are very helpful. Functionality wise, in short: we do not get spammed. Thanks to Spambrella.

Archiving wise, the new solution is easy to use, searches well and fast and is by far the cheapest we could find at the time. Ten year retention rocks!

Verified Reviewer, Review via Gartner Capterra

The service is great at filtering bad email as well as junk email out while allowing clean email though. I have used a few other options over the years and this is the best I have found. Clients sometimes have trouble configuring their settings to how they want it to be. Or tag emails as approved when they shouldn't and need IT interaction to resolve. Maybe just ease of use or having a more clear way for clients to resolve basics on their own.

Brian M., Review via Gartner Capterra

Robust, versatile, and reliable...
The reliability of the service and the level of protection that it provides. My spam levels immediately dropped to near zero.

There are almost no false positives. And I'm easily able to customize the level of protection with whitelists, blacklists, and sensitivity settings. I'm also a big fan of the antivirus and URL scanning features.

Verified Reviewer, Review via Gartner Capterra

Latest blog posts

  • On June 14, 2024
Microsoft 365 Email Continuity Service – Is it Needed?

An email continuity service, whilst not strictly required for Microsoft 365, can be highly beneficial for ensuring business continuity. When considering MX (Mail Exchange) backup…

Read more
  • On June 13, 2024
HIPAA Email Security: A Guide for Healthcare Organizations

Sharing sensitive patient information via email goes hand in hand with hidden exposure risks that HIPAA regulations aim to ward off. Traditional email security standards…

Read more
  • On June 12, 2024
Business email archiving: Compliance and accessibility

An email network acts as the central nervous system by spreading critical information throughout the organization. If this network is disrupted, you may be unable…

Read more
  • On May 31, 2024
Why Microsoft 365 is Insufficient for Email Security

This article investigates why Microsoft 365 is insufficient for email security in today’s digital landscape. Email security is a critical concern for businesses of all…

Read more