Security for your compliance team.
When physical mail carries PII (names, addresses, account numbers), security isn’t optional. MailStream encrypts data end-to-end, audits print partners, and maintains the certifications regulated industries require.

Compliance
Certifications that matter.
We maintain the certifications your security, legal, and compliance teams need to approve a new vendor. No hand-waving, just audited, documented controls.

SOC 2 Type 2
Our security controls undergo thorough annual SOC 2 Type 2 audits, and detailed reports are available under NDA for enterprise customers.

HIPAA / HITECH
MailStream offers healthcare clients HIPAA-compliant data handling and BAAs, and performs thorough annual audits to ensure compliance and security.

CCPA
We support California Consumer Privacy Act requirements including data access requests, deletion rights, and opt-out mechanisms for personal information processing.

GDPR
For customers with EU data subjects, MailStream implements privacy-by-design principles, data minimization, and proper consent management aligned with GDPR requirements.
Platform security
Defense in depth, not security theater.
- Encryption in transit: All API communication uses TLS 1.2+ encryption. Data is never transmitted in plaintext between your systems and MailStream.
- Encryption at rest: Customer data and artwork are encrypted at rest with AES-256. Keys are managed via a key management service.
- PII handling: PII is isolated, access-controlled, and purged after set retention periods. It never persists longer than needed.
- Role-based access control: Team accounts support granular permissions. Restrict who can send mail, manage billing, access API keys, or view mailing lists, with full audit logging.
- API key management: Generate, rotate, and revoke API keys from the dashboard. Separate test and live keys ensure development workflows never touch production data.
- Audit logging: Every API call, dashboard action, and mail event is logged with timestamps, user identity, and IP address. Logs are retained for compliance review.
Print partner security
Security doesn’t stop at the API.
Because we own the print infrastructure, we control the physical security environment too. Unlike platforms that broker to third-party printers, we maintain direct oversight of every facility that handles your data.
- 256-bit AES encryption at rest
- 99.9% platform uptime SLA
- 24/7 security monitoring
- 72hr max data deletion window
- Facility access controls: Print facilities use badge entry, security cameras, and logs. Only authorized personnel access areas where customer data is rendered.
- Data destruction: Printed files are removed from production systems right after printing. Any waste with PII is shredded; no customer data remains.
- Regular audits: We conduct on-site security reviews of production facilities, verifying compliance with our physical security standards and data handling policies.
- Chain of custody: Mail pieces are tracked from file to USPS handoff with timestamped events. The custody chain is accessible via API and dashboard.
Real results
Teams trust MailStream to deliver.
We replaced three vendors with MailStream and finally got full visibility from print to delivery. Tracking every piece in real time changed how we measure direct mail.
Daniel H.
VP of Growth, Northbridge Labs
The HTML design tool is a game changer. We design, personalize, and send without ever leaving the platform. No more emailing PDF proofs back and forth.
Olivia W.
Director of Marketing, Cedarpoint Group
We integrated the API in a day and had automated compliance notices running by the end of the week. The HITRUST certification made our security team very happy.
Ethan K.
Engineering Lead, Vantage Health
Join agencies, SaaS teams, and operators using MailStream to automate direct mail at scale without manual vendors or guesswork.