biza.email

Security

Email security without the enterprise theatre

Encrypted in transit and at rest. Hosted in European data centres. GDPR-aligned. SSO, audit, and DMARC built in — not bolted on.

Data residency

Independent European infrastructure

Biza Email runs on independent European infrastructure with EU data residency available on request — without third-party analytics piggybacked onto your mail.

  • Independent European infrastructure with EU data residency available
  • No customer email content routed through third-party analytics platforms
  • Standard contractual clauses for cross-border data flows available on request
  • Daily encrypted off-site backups, retained for 30 days

Encryption

Encrypted in transit, encrypted at rest

Modern TLS for every connection. Disk encryption for every byte stored. SPF, DKIM, and DMARC configured automatically for every domain you connect.

  • TLS 1.2+ for SMTP, IMAP, and HTTPS connections
  • AES-256 disk encryption on all primary and backup storage
  • SPF, DKIM, DMARC records auto-configured during DNS setup
  • Strict DMARC enforcement available per domain

Identity

SSO, 2FA, and audit log — built in

Authenticate through your identity provider. Track every meaningful event. Revoke access in one place.

  • SAML 2.0 and OIDC SSO with Okta, Google Workspace, Microsoft Entra
  • Optional 2FA per account, enforced by policy or opt-in
  • Audit log of sign-ins, mailbox access, and send / receive events
  • One-click session revocation across web and native clients

Compliance

Honest about what we have and what's coming

We don't claim certifications we haven't earned. Here's the current state.

  • GDPR-aligned: EU data residency, DPA on request, privacy-by-design
  • SOC 2 Type II audit on our 2026 roadmap — engaged with an audit firm
  • Designed for ISO 27001 alignment: access controls, audit logging, backup procedures
  • Standard MSA, DPA, and security addendum available for procurement review

Operations

Monitored, backed up, and recoverable

We treat operational security as a product feature, not an afterthought.

  • 24/7 infrastructure monitoring with on-call rotation
  • Daily off-site encrypted backups, 30-day retention
  • Documented incident-response process with customer notification SLA
  • Regular dependency patching and CVE review

Frequently asked questions about security

Are you SOC 2 certified?

Not yet. We're engaged with an audit firm and SOC 2 Type II is on our 2026 roadmap. We don't claim certifications we don't have — if procurement requires SOC 2 today, we're happy to share our control documentation and audit timeline.

Where is my data stored?

Biza Email runs on independent European infrastructure with EU data residency available for customers who need it contractually. We're happy to share the specific data-centre region and operator details under a DPA or NDA — ask during your trial.

Can I get a DPA and security questionnaire response?

Yes. We provide a standard Data Processing Agreement on request, plus responses to common security questionnaires (CAIQ, SIG Lite). Email [email protected] or ask during your trial.
