• Guidance by our experienced support team
  • European based - GDPR Proof
  • Over 11,000 active users
  • Guidance by our experienced support team
  • European based - GDPR Proof
  • Over 11,000 active users
Log in
Free demo
Free 14-day trial
Free Demo
Free demo
Free 14-day trial

Sub-processors overview

Privacy Verified logo black

The privacy of you and your customers ensured

MailBlue annually achieves the Privacy Verified certificate to demonstrate that we comply with the latest GDPR regulations.

More information
Name of sub-processor
Data location
Description of sub-processing
Processing (personal) data of your contacts
ActiveCampaign, US. Hosting location depends on the email marketing account location
US, EU
MailBlue is a reseller of the software developed by ActiveCampaign. This software is also hosted by ActiveCampaign. The data in your MailBlue email marketing account is managed by ActiveCampaign and its subprocessors. In addition, MailBlue also uses the platform itself for carrying out its own email marketing activities and sending transactional emails (via Postmark).
Yes
Asana, US
US
Project management tool
Possible. When you provide contact details via a form on our website, for example during onboarding, this data may be (temporarily) stored in Asana.
Calendly, US
US
Online appointment management
No
DigitalOcean, US
EU
Hosting platform
No
Google, US
EU
Wide range of services
Possible. When you contact us via email and share (personal) data from your email marketing account, this data may be processed by Google.
MoneyBird, NL
EU
Financial administration
No
Slack (SalesForce Inc), US
US
Communication platform
Possible. For communication with our partners, it may occur that (personal) data is shared. We limit the sharing of such data to what is strictly necessary.
Xynta, NL
EU
Hosting MailBlue's websites
Possible. When you upload a contact list via a form on our website – for example for onboarding – this data is (temporarily) stored with Xynta.
Zapier, US
US
Automation platform
Possible. When you use Zapier via MailBlue to automate a connection that shares (personal) data, this data is processed by Zapier.
Make.com, EU
EU
Automation platform
Possible. When you use an eCommerce integration developed by MailBlue, the corresponding data is sent via Make.
Blue Academy, NL
EU
Payment platform and academy platform
No
OnlineIncasso, NL
EU
Services for collection procedures
No
Zendesk, US
US
Support system
Possible. When you contact us and (personal) data from your email marketing account is shared, it may be processed by Zendesk.
Intercom, US
EU
Support system
Possible. When you contact us and (personal) data from your email marketing account is shared, it may be processed by Intercom.
Loom, US
US
Screen recording system
Possible. When you submit a support request and we record an instructional video for you, it is possible that (personal) data from your contacts is visible in the video.
OpenAI, US
US
AI solution for supporting employees
No
UserFlow, US
US
Customer engagement tool
No
Aircall, FR
EU
Telephony platform
No
Bending the Rules, NL
EU
Development partner
No
Meta (Facebook / Instagram), US
EU/US
Advertising platform
No
Mollie, NL
EU
Payment provider
No
Ponto (Isabel NV), BE
EU
Payment provider
No
Atlassian, US
US
Status page provider (data is only shared with an explicit opt-in for status information)
No
LinkedIn, US
EU/US
Advertising platform
No
Cookiebot, US
US
Cookie banners
No
Piwik, EU
EU
Web analytics platform
No
Spryng, NL
EU
SMS services
Possible. When you use MailBlue SMS, the SMS messages are sent via Spryng B.V.
Hetzner, DE
EU
Hosting provider
No
LeadInfo, NL
EU
Lead collection, contact widget
No
WebinarGeek, NL
EU
Webinar platform
No

Sub-processors where your data and that of your contacts may be processed​

Goal:
Email marketing and CRM software.

Explanation:
ActiveCampaign is also the provider of the email marketing software you use with MailBlue. Only in ActiveCampaign’s system are the data of your customers, leads, etc. stored. The data you enter into your email marketing account is only stored with ActiveCampaign (and its sub-processors). In addition to using ActiveCampaign for marketing, we also use ActiveCampaign’s Postmark for sending transactional emails, such as password reset, account renewal reminders, and more.

Storage location: USA and EU*

* Since March 2024 it is possible to request an account hosted on the European datacenter of ActiveCampaign.

Additional SCC measures: (a) Pseudonymization and encryption of Personal Data (including during transmission); (b) Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services; (c) Ability to restore availability and access to Personal Data promptly in the event of a physical or technical incident; (d) Regular testing, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure processing security; and (e) Ability to allow data portability and ensure erasure of Personal Data (including by Subprocessors)

Data Privacy Framework: ActiveCampaign currently has an active certification for the Data Privacy Framework. For details, visit the Data Privacy Framework website.
Data Privacy Framework

Goal:
Sister organization; outsourcing of services.

Explanation:
If you use additional services from us, such as onboarding, your data may be processed by our sister organization, Blue Agency.

Storage region:
EU

Subprocessors where your data may be processed

Goal:
Email marketing and CRM software.

Explanation:
ActiveCampaign is also the provider of the email marketing software you use with MailBlue. Only in ActiveCampaign’s system are the data of your customers, leads, etc. stored. The data you enter into your email marketing account is only stored with ActiveCampaign (and its sub-processors). In addition to using ActiveCampaign for marketing, we also use ActiveCampaign’s Postmark for sending transactional emails, such as password reset, account renewal reminders, and more.

Storage location: USA and EU*

* Since March 2024 it is possible to request an account hosted on the European datacenter of ActiveCampaign.

Participant Data Privacy Framework program:
Yes

Purpose:
Project management. If you subscribe to additional services with MailBlue, such as onboarding, your data may be managed by our sister organization, Blue Agency, within our project management system, Asana. This system does not contain any data of your contacts that you have in your email marketing platform.

Storage Region:
USA

Participant Data Privacy Framework program:
Yes

Purpose:
Sister organization; outsourcing of services

Storage Region:
EU

Purpose:
Appointment automation

Storage Region:
USA

Participant Data Privacy Framework program:
Yes

Purpose:
Hosting login.mailblue.io

Storage Region:
NL

Participant Data Privacy Framework program:
Yes

Purpose:
Email, calendar, forms, Google Ads and other Google services

Storage Region:
EU / US

Participant Data Privacy Framework program:
Yes

Purpose:
Accounting System

Storage Region:
EU

Additional Measures:
In Dutch; see: https://www.moneybird.nl/kennisbank/hoe-veilig-is-mijn-data-in-de-cloud/

Purpose:
Digital contract signing

Storage Region:
EU

Additional SCC Measures:
The Technical and Organizational Measures include measures to encrypt Customer Personal Data; to help ensure ongoing confidentiality, integrity, availability, and resilience of SignRequest’s systems and services; to help restore timely access to Customer Personal Data following an incident; and for regular testing of effectiveness.

Purpose:
Internal communication

Storage Region:
USA

Participant Data Privacy Framework program:
Yes

Purpose:
Web hosting provider

Storage Region:
NL

Purpose:
Automation

Storage Region:
USA

Participant Data Privacy Framework program:
Yes

Purpose:
Ticketing system

Storage Region:
USA

Participant Data Privacy Framework program:
Yes

Purpose:
Customer engagement tool
(e.g., pop-ups, messages, etc.)

Storage Region:
USA

Participant Data Privacy Framework program:
Yes

Do you want to stay informed about GDPR changes such as updates to subprocessors or changes to the data processing agreement? Subscribe to our updates.

Subscribe