Flowmailer security

Completely in control

Flowmailer is completely developed, hosted and supported in-house by our own dedicated staff. They know our systems by heart and focus every day on making your Flowmailer experience as smooth as it can possibly be. A continuous evaluation process ensures we have eyes on each aspect of our platform, allowing us to keep improving our services in an efficient way. Flowmailer is fully ISO/IEC 27001:2005 (Information Security Management) certified.

Software Development

Our experienced developers created Flowmailer from scratch and developed it all the way to the reliable and proven product it is today. Flowmailer utilizes modern software frameworks and development methods to maintain a rapid rate of development while controlling quality. All new features are security-checked before development, reviewed on completion and closely monitored after being deployed.

Service Operations

Flowmailers' Service Operations department is responsible for optimal availability, performance, security and e-mail delivery. Basically these guys make sure you actually get the service you expect from us every day and work in close co-operation with Software Development.

Customer Care

Should anything go wrong, or if you have any questions, you can always rely on your personal contact at Flowmailer. We understand the value of your data and will only access your account when you request us to do so. You control access to your account by granting individuals the access level you want them to have, that includes Flowmailer employees.

Dedicated platform

Flowmailer runs on a completely dedicated platform to ensure maximum safety and reliability. This allows us to control everything, from hardware to e-mail delivery and every component in between. Our engineers work on further improvements of reliability and performance every day.

Reliable environment

Our physical equipment is housed in professional environments, where vital things like access control and camera security are guaranteed 24/7. These datacenters are located in The Netherlands and fully certified ISO 9001:2008 (Quality Management), ISO/IEC 27001:2005 (Information Security Management) and PCI-DSS (Data Security Standard).

The servers containing your data can only be accessed by our own authorized staff. We don't use any shared services, meaning communications to Flowmailer and our internal data flows cannot be accessed by other companies.

Solid foundation

The Flowmailer platform has many own base facilities that contribute to reliability and security. An example are our daily local and off-site backups that never leave our own platform and are strictly monitored and our DNS and SMTP servers. No third party services (except connectivity outside our platform) are used to run Flowmailer.

Focused security

The Flowmailer team is very security-minded and every development choice gets made with risk considerations in mind. This results in a very secure service using secure connections (TLS), personal logins only storing secure password hashes and supporting two-factor authentication. Access to our services is restricted by firewalls that are configured to only allow the minimum connectivity required for our services and employees have the minimum authorization required to do their jobs. All employees are screened and have a relevant Certificate of Conduct from the Dutch Ministry of Security and Justice.


Monitoring helps us to detect and possibly solve problems as early as possible, preferably before any service disruptions are caused. Flowmailer is monitored for availability, performance and security by both automated and procedural checks. A detailed audit log is kept containing all modifications to Flowmailer accounts.

Automated monitoring

Automatic checks alert our staff 24/7 of any possible service interruptions. In many cases, our responses prevent service interruptions before they actually happen and/or our clustered infrastructure can recover from failures without manual intervention. When we do need to intervene, our tiered architecture allows our skilled engineers to solve most problems in minutes.

We actively respond to detected potentially dangerous or otherwise unwanted behavior by any actor and block them if required. We then try to contact the company or person involved and their internet provider. Police reports are filed for what we perceive to be serious offenses.

Procedural checks

Our staff monitors our platform closely using various statistics and logs. This routine makes sure we have a clear picture of what's 'normal' for our platform, both in terms of technical behavior and for interactions with the rest of the world. This allows us to detect anomalies before they can cause any harm. We make sure to have enough platform capacity, even for peak loads, by closely watching usage trends.

Audit log

All activity in Flowmailer is logged extensively and is available to our engineers for analysis of complex support issues or other incidents. The Flowmailer dashboard also contains an Audit log available to our users, containing all changes made to your account by any user. Notifications will tell you when important events (such as access was granted to a new user) or possible problems (we couldn't handle a message) occur.


Regular and proactive maintenance including software updates ensures continued stability of our services.

Regular updates

Any system that connects to the Internet is potentially vulnerable for outside attacks. Keeping all software up-to-date and fully patched reduces these risks considerably. All components that make up the Flowmailer plaform are therefore regularly and where possible completely automatically updated.

Continuous innovation

Updates are one thing, but we continue to improve our platform every day. As a result of this, Flowmailers' core functions are now fully clustered and scalable, decoupling service availability from our backend processing. This means our architecture guarantees reliable message handling from the moment we accept it.