Maxemail is a cloud based software solution for email marketing, email automation and transactional email applications.
- Email Builder - easy creation of HTML emails
- Segmentation tools - offers higher targeted emailing
- Enterprise level platform - multi departments/user/access
- Dynamic Content in email message
- Multivariate and AB testing tools
- Behavioural and Real time targeting
- Dedicated IP, bespoke domains and monitored deliverability
- Integrates with 3rd party systems via API , Webhooks, FTP
- SMS and Email campaigns
- Advanced reporting suite
- UK based platform support services
- UK based infrastructure and data centres
- Easy to use interface improves productivity
- Advanced tools increase ROI from emailing through improved targeting
- Secure, robust responsive and reliable platform
- Multi-user access, multiple accounts and access rights
- Award winning range of consultancy and technical services available
- Easy integration with 3rd party solutions, (eCommerce, CRM, SCV databases)
- Automatic Responsive email designs
- Established Maxemail users within UK government
|Software add-on or extension||No|
|Cloud deployment model||Public cloud|
|Service constraints||Requires a web browser Microsoft Internet Explorer V10+, Firefox V20+, Chrome V20+, Safari V6+|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Initial response < 15 minutes, Mon-Fri 9am - 5:30pm.
Standard answers < 60 minutes, Mon-Fri 9am - 5:30pm.
Other terms as per agreed SLA.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard platform support is offers via email, phone, UI.
Additional support during out of hours can be provided if required at an additional cost.
A range of additional consultancy and technical services is available at an additional cost.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||We offer online training with help documentation available within the User Interface|
|End-of-contract data extraction||Users have access to all elements and data / lists. Data can be exported directly by users that have access rights to do so.|
|End-of-contract process||Included in the cost of the contract is a delete / purge of all data stored by the system. The primary client contact permission is sought prior to the delete/purge process.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||No|
|Description of service interface||The service is accessed through a web based User Interface.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Users can input information relevant to the system, e.g. email information, recipient data, dynamic content.
Input fields are described with text. Action buttons are described with text as well as by defined icon and/or colours.
|Accessibility testing||All UI components are tested for use-ability, including meeting internal guidance standards for descriptive and indicative properties.|
|What users can and can't do using the API||The API is the basis of the way the User Interface (UI)communicates with the 'backend' of Maxemail, as such any function that is available via the UI is available via the API and can be controlled from 3rd party application.|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
The working environment can be customised, with controls of user access rights and how data/ list/profiles are stored.
Users with admin rights have control to customise
|Independence of resources||Our platform architecture is designed with multiple redundant and scalable technology for the application servers and database and mta servers across multiple data centres. All aspects of the platform are monitored including Uptime (pingdom) User Interface response time, send rates, data processing capacity. The platform is designed to provide a continuous service with minimal downtime for regular maintenance and upgrades.|
|Service usage metrics||Yes|
|Metrics types||Service metrics include, email credit usage and balance, litmus test credit usage, Multivariate test credit usage. Service Expiry date together with alerts/reminders. Usage audit trail.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Via the UI, data is exported via HTTPS. Data is is CSV format|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The Service Level Agreement for Maxemail is at
|Approach to resilience||
Service resilience is built into hardware, network and software layers. Detail is available on request.
Our SLA's and service uptime records reflect the resilience of the service.
|Outage reporting||We have a public dashboard for reporting outages.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Roles are defined that allow/restrict access according to functional need. Changes can only be made by authorised users with the correct access level themselves.
Roles are assigned to individual users.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials Cert. IASME-A-01453|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
The security team consists of Tech. Operations Manager, Systems Admin, Lead Developers and is headed by the Technical Director.
Policies and policy changes are communicated to all staff as necessary and during on-boarding for new starters. Monitoring of adherence is dependant on the policy procedure, e.g. by random checks or automated monitoring of system user actions.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Security impact is assessed for every change to the systems. A full change management system where all changes are recorded, from requirement, to design to implementation is used.
A team of people, including business, product, systems and engineering staff are involved in the process as appropriate.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Vulnerability testing is carried out regularly as an internal practice. Penetration and application security testing by external organisations is carried out from time to time in conjunction with clients.
Threat information is gathered on an ongoing basis from forums, blogs and user groups, along with our own research.
We have an update release schedule governed by our change management process that includes the ability to release an urgent security patch within hours of a fix being developed.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Network monitoring, full audit logging of system and user activities and logging of system process contribute to identifying potential compromises.
Logs/audits are analysed using software to allow for rapid identification, alerting and understanding of potential extent.
Alerting and response operates on a 24/7 basis with immediate engineer resource available.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Incidents are reported to systems support then are recorded in the ISMS Incident Log along with following comments and actions.
Events are assessed by the ISMS Manager or the Technical Director to determine if they are to be defined as information security incidents. If so, an incident report is created and communicated as a document detailing the event, resolution and future learnings.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£0.0004 to £0.006 per transaction per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Access to the platform, all functionality. Email credits need to be purchased to enable emails to be sent|
|Link to free trial||https://www.emailcenteruk.com/signup/|