logotype
Our Sales team will contact you after filling out the form.
Your role
By clicking “Submit” I acknowledge receipt of the IceWarp Privacy Policy.

Cookie anyone?

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. You consent to our cookies if you continue to use our website. learn more

Accept
Data Privacy and GDPR at IceWarp
IceWarp has been fully GDPR compliant since the regulation came into effect on May 25, 2018. Our systems and processes are designed to meet all legal and technical requirements for data protection and security. Here’s how we support your compliance as well.
What is GDPR?
The General Data Protection Regulation (GDPR) is the EU’s most comprehensive legislation governing the collection, storage, and processing of personal data. It strengthens individuals’ rights and increases accountability for organizations handling such data.

Personal data includes names, photos, emails, IP addresses, social media posts, health records, and other sensitive information.

While GDPR is often viewed as a data security law, it also significantly impacts internal company processes, including data access, retention, and deletion policies.
Technical Compliance with IceWarp
Using the latest version of IceWarp Server provides a strong foundation for GDPR compliance. We perform regular security audits, vulnerability testing, and apply timely updates across all system components.

To support your compliance efforts, we recommend:

  • Enabling data loss protection via SmartAttach and Archiving
  • Limiting server access based on clearance levels
  • Enforcing two-factor authentication (e.g., with IceWarp Authenticator)
  • Using S/MIME to encrypt and sign emails
  • Running the server under dedicated user accounts, not root
  • Appointing authorized personnel for email archive and full-text search
  • Enabling audit logs to track user activity
  • Ensuring data erasure is performed by the data owner

Some IceWarp features, such as global archivist accounts, can help fulfill GDPR requests, including data audits and subject access.
Handling Data Subject Requests
IceWarp On-Premise and Cloud allow you to search, export, and delete personal data across emails, messages, and files, supporting key GDPR rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object

Full-text search and filters enable quick and thorough responses to access and deletion requests.
Cloud Services & Privacy
IceWarp Cloud complies with the GDPR, regardless of where your data is hosted. You can choose from certified data centers in the EU and the US, with guarantees that data stays within your selected jurisdiction.

Our cloud infrastructure is built for security, applying:

  • Dedicated VMs with non-shared storage
  • Individual firewalls and VPN/SSH-only access
  • Smart automation with limited open ports
  • Proactive monitoring of services and traffic
  • High physical security across all data centers

We also support HIPAA compliance for US-based healthcare organizations. You can find more about data center locations at icewarp.com/product/technical-specification/.
Contact & Support
Questions about GDPR or data protection?