Platform features & compliance overview
Platform-grade email infrastructure for regulated industries
EmailConnect's Platform plan is designed for organisations in finance, healthcare, legal, and government that require full regulatory compliance and auditable infrastructure alongside their email automation.
All Platform features build on top of the existing Maker+ capabilities — you get everything in Maker+, plus the compliance and security controls your CISO, DPO, or legal counsel needs to approve the vendor.
What's included
Immutable audit logging
Every email processed, every webhook delivered, and every administrative action is logged in a searchable, exportable audit trail. Designed to meet GDPR accountability requirements (Article 5(2)) and support NIS2 incident reporting obligations.
- Timestamped records of all system activity
- Exportable in standard formats for compliance reporting
- Tamper-proof log storage within EU jurisdiction
Role-based access control (RBAC)
Granular permissions for teams of any size. Define who can configure aliases, view logs, manage billing, or access sensitive data.
- Admin, operator, and read-only roles
- Separation of duties for security-critical operations
- User activity tracking for compliance audits
Signed data processing agreement (DPA)
A formal DPA that explicitly guarantees EU-only data residency and processing, as required by GDPR Article 28 for controller-processor relationships.
- Covers all sub-processors and storage locations
- Specifies data handling, retention, and deletion procedures
- Available for download at Settings → Compliancy on all plans, including Free
Data Residency Mode
For organisations that require email content to remain exclusively within their own infrastructure, Data Residency Mode ensures that EmailConnect never persists email body, attachments, or headers in its central database.
- Email content is delivered to your webhook and stored in your own S3 bucket
- Only routing metadata is retained by EmailConnect (message ID, recipient address, subject, timestamps, delivery status) — sender addresses are not stored
- Requires an active custom S3 storage connection
- Trade-off: dashboard payload preview, replay, and manual retry are unavailable when content is not stored
Regional MX servers can be provisioned in Germany, the Netherlands, and France, with additional countries available on request. On-premise deployment is available for organisations that need full infrastructure control. See the full Data Residency Mode guide for the architecture, available regions, and sovereignty tiers.
Custom data retention policies
Define exactly how long email data, attachments, and logs are retained. Set policies per domain or globally, with verifiable deletion.
- Configurable retention periods to match sector-specific regulations
- Automated data purging with confirmation
- Retention reports for audit purposes
Programmatic email deletion
Business+ plans can delete emails programmatically via the API once processed. This minimizes data exposure — extract what you need from the webhook payload, then delete the stored email immediately.
Dedicated SLA & priority support
Guaranteed uptime commitments with priority support channels. Designed for production workloads where email processing is mission-critical.
EU data sovereignty — no U.S. jurisdiction exposure
All Platform features operate within EmailConnect's EU-sovereign infrastructure. This means:
- CLOUD Act immune — no U.S. entity can compel access to your data
- FISA Section 702 exempt — no exposure to U.S. surveillance programmes
- Patriot Act protected — complete isolation from U.S. legal frameworks
- GDPR native — built from the ground up for European data protection law
For a deeper dive into why this matters, see our guide on the hidden GDPR trap.
Getting started with Platform
Platform plans are tailored to your organisation's requirements. Contact us to discuss your needs:
Email: enterprise@emailconnect.eu
We'll walk through your compliance requirements, volume needs, and integration architecture to put together the right plan.