Emailcenter UK Limited


Maxemail is a cloud based software solution for email marketing, email automation and transactional email applications.


  • Email Builder - easy creation of HTML emails
  • Segmentation tools - offers higher targeted emailing
  • Enterprise level platform - multi departments/user/access
  • Dynamic Content in email message
  • Multivariate and AB testing tools
  • Behavioural and Real time targeting
  • Dedicated IP, bespoke domains and monitored deliverability
  • Integrates with 3rd party systems via API , Webhooks, FTP
  • SMS and Email campaigns
  • Advanced reporting suite


  • UK based platform support services
  • UK based infrastructure and data centres
  • Easy to use interface improves productivity
  • Advanced tools increase ROI from emailing through improved targeting
  • Secure, robust responsive and reliable platform
  • Multi-user access, multiple accounts and access rights
  • Award winning range of consultancy and technical services available
  • Easy integration with 3rd party solutions, (eCommerce, CRM, SCV databases)
  • Automatic Responsive email designs
  • Established Maxemail users within UK government


£0.0004 to £0.006 per transaction per year

Service documents


G-Cloud 11

Service ID

7 1 4 5 0 2 0 8 1 4 1 7 8 9 4


Emailcenter UK Limited

Jason McSweeney

44 1327 811884

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Requires a web browser Microsoft Internet Explorer V10+, Firefox V20+, Chrome V20+, Safari V6+
System requirements
  • Microsoft Edge - last 3 major versions
  • Firefox - last 4 major versions + ESR
  • Chrome - last 4 major versions
  • Safari - last 3 major versions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Confirmation immediate.
Initial response < 15 minutes, Mon-Fri 9am - 5:30pm.
Standard answers < 60 minutes, Mon-Fri 9am - 5:30pm.
Other terms as per agreed SLA.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard platform support is offers via email, phone, UI.
Additional support during out of hours can be provided if required at an additional cost.
A range of additional consultancy and technical services is available at an additional cost.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started We offer online training with help documentation available within the User Interface
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users have access to all elements and data / lists. Data can be exported directly by users that have access rights to do so.
End-of-contract process Included in the cost of the contract is a delete / purge of all data stored by the system. The primary client contact permission is sought prior to the delete/purge process.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface The service is accessed through a web based User Interface.
Accessibility standards None or don’t know
Description of accessibility Users can input information relevant to the system, e.g. email information, recipient data, dynamic content.
Input fields are described with text. Action buttons are described with text as well as by defined icon and/or colours.
Accessibility testing All UI components are tested for use-ability, including meeting internal guidance standards for descriptive and indicative properties.
What users can and can't do using the API The API is the basis of the way the User Interface (UI)communicates with the 'backend' of Maxemail, as such any function that is available via the UI is available via the API and can be controlled from 3rd party application.
API documentation Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The working environment can be customised, with controls of user access rights and how data/ list/profiles are stored.
Users with admin rights have control to customise


Independence of resources Our platform architecture is designed with multiple redundant and scalable technology for the application servers and database and mta servers across multiple data centres. All aspects of the platform are monitored including Uptime (pingdom) User Interface response time, send rates, data processing capacity. The platform is designed to provide a continuous service with minimal downtime for regular maintenance and upgrades.


Service usage metrics Yes
Metrics types Service metrics include, email credit usage and balance, litmus test credit usage, Multivariate test credit usage. Service Expiry date together with alerts/reminders. Usage audit trail.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Via the UI, data is exported via HTTPS. Data is is CSV format
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability The Service Level Agreement for Maxemail is at
Approach to resilience Service resilience is built into hardware, network and software layers. Detail is available on request.
Our SLA's and service uptime records reflect the resilience of the service.
Outage reporting We have a public dashboard for reporting outages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Roles are defined that allow/restrict access according to functional need. Changes can only be made by authorised users with the correct access level themselves.
Roles are assigned to individual users.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Cert. IASME-A-01453

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The security team consists of Tech. Operations Manager, Systems Admin, Lead Developers and is headed by the Technical Director.
Policies and policy changes are communicated to all staff as necessary and during on-boarding for new starters. Monitoring of adherence is dependant on the policy procedure, e.g. by random checks or automated monitoring of system user actions.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Security impact is assessed for every change to the systems. A full change management system where all changes are recorded, from requirement, to design to implementation is used.
A team of people, including business, product, systems and engineering staff are involved in the process as appropriate.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability testing is carried out regularly as an internal practice. Penetration and application security testing by external organisations is carried out from time to time in conjunction with clients.
Threat information is gathered on an ongoing basis from forums, blogs and user groups, along with our own research.
We have an update release schedule governed by our change management process that includes the ability to release an urgent security patch within hours of a fix being developed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Network monitoring, full audit logging of system and user activities and logging of system process contribute to identifying potential compromises.
Logs/audits are analysed using software to allow for rapid identification, alerting and understanding of potential extent.
Alerting and response operates on a 24/7 basis with immediate engineer resource available.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents are reported to systems support then are recorded in the ISMS Incident Log along with following comments and actions.
Events are assessed by the ISMS Manager or the Technical Director to determine if they are to be defined as information security incidents. If so, an incident report is created and communicated as a document detailing the event, resolution and future learnings.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £0.0004 to £0.006 per transaction per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Access to the platform, all functionality. Email credits need to be purchased to enable emails to be sent
Link to free trial

Service documents

Return to top ↑