Enterprise-grade data
protection standards.
Sendburg is built on a security-first architecture with end-to-end encryption, role-based access controls, comprehensive audit logging, and GDPR compliance by design — meeting the requirements of enterprise information security policies.
Comprehensive data protection.
Security controls designed to meet enterprise procurement and information security review requirements.
GDPR Compliance
Full compliance with EU General Data Protection Regulation. Data subject rights operationalized. Data Processing Agreement (DPA) available for enterprise customers.
End-to-End Encryption
All data transmitted over TLS 1.3. Data at rest encrypted using AES-256. Encryption keys managed through dedicated infrastructure with regular rotation.
SOC 2 Type II
SOC 2 Type II certification underway. Security controls fully documented against Trust Service Criteria. Report available to qualified enterprise prospects under NDA.
Data Deletion Rights
Formal deletion request process with 30-day completion guarantee. Automated deletion verification and certificate of destruction available on request.
Role-Based Access Controls
Principle of least privilege enforcement. Complete audit log of all data access events. No internal staff access to customer data without documented business justification.
Transparent Processing
All data processing activities documented in our privacy policy and DPA. No secondary use, resale, or sharing of customer data. Annual transparency report available.
Built on enterprise-grade
cloud infrastructure.
Sendburg runs on Oracle Cloud Infrastructure with multi-region redundancy, automatic failover, and continuous security monitoring. Oracle Cloud meets SOC 2, ISO 27001, and FedRAMP standards at the provider level.
Request infrastructure docsarrow_forwardHow we source and handle contact data.
Sendburg's database contains business contact information for professionals in their professional capacity — sourced exclusively from publicly available directories, published professional profiles, and verified through our 3-step validation process. We do not purchase contact data from third-party brokers.
LinkedIn profiles, company websites, published directories, professional registries.
Professional context exclusively. No personal email addresses, no consumer data.
Any professional can request removal via privacy@send-burg.com. Processed within 30 days.
We do not buy data from third-party data brokers or aggregators.
All contacts re-verified on a 90-day cycle to remove stale or changed records.
Legitimate interest documented for all B2B contact data processing under GDPR Article 6(1)(f).
Sub-processor list
Third-party services that process data on behalf of Sendburg, as required under GDPR Article 28.
Security documentation
available for review.
Request our security questionnaire, Data Processing Agreement, or schedule a security review call with our compliance team.