GDPR Compliance Features

How Piler Enterprise helps you comply with GDPR requirements

Piler Enterprise enables you to ensure the completeness of your company email archives. It features several functions to comply with GDPR.

Efficient, Fast Full Text Search

You can efficiently provide the requested information to third parties, and you can provide timestamped proof of email access history.

Retention Periods

Many documents that possibly contain personal data might need to be stored in an auditable manner and protected from deletion and manipulation in accordance with local, federal or industry specific statutory periods. The data subject's right to erasure according to GDPR may often seem to contradict the retention obligation. Piler Enterprise provides features for erasure and storage management that help companies to comply with retention or erasure as applicable. You are therefore able to erase data that has been archived in an auditable manner in accordance with the GDPR and prove it has been carried out.

  • If the delete feature is turned on, then an auditor user may remove a message if it contains sensitive personal data. Based on your settings approval of a data officer can be enforced.
  • If the purging feature is enabled, then the purging utility periodically removes aged messages from the archive
  • The legal hold feature can be used to prevent removing a user's emails even if some of those emails are aged and marked for deletion

Security Best Practices

The encryption methods employed by Piler Enterprise protect the archived data, and the options provided by the permissions feature enable you to reduce the number of people authorized to consult the data to a minimum, in compliance with GDPR. A cryptographic signature that can be added to exported emails ensures that exported emails remain protected from tampering, even outside of the archive.

Piler Enterprise uses the following measures to protect your data:

  • Using TLS encryption during the SMTP transaction
  • The piler-smtp daemon supports SMTP ACL lists to limit access to who can send emails to the archive
  • Pilerimport supports both POP3 and IMAP over TLS
  • All stored emails are encrypted using a 256-bit long key using the AES algorithm

Strict Access Control

  • The Piler UI supports 2-factor authentication using an Authenticator application, eg. Google Authenticator, Okta Verify, etc.
  • Support for Single Sign-On (SSO)
  • The Piler UI uses strict access control to limit users to see only their own emails (users with auditor role are able to see any email)

Automated Audit Log

Piler Enterprise features an audit log that provides you with seamless and detailed log of the activities within the archiving system.

  • The piler daemons syslog the SMTP client address, the recipients of the email, the SMTP commands in the transaction, message-id of the email, number of attachments
  • The Piler UI syslogs all login attempts with username, IP-address and timestamp
  • The Piler UI writes an audit log for each user action, e.g. user search for something, user viewed an email, etc. Such a log consist of the username, timestamp, IP-address and the performed action

ML-Based Threat Detection

Piler Enterprise includes machine learning-based phishing detection to protect against sophisticated email threats while maintaining GDPR compliance.

  • All ML processing occurs locally on your infrastructure - no data is sent to external services
  • ML models are embedded in the software and run offline, ensuring data sovereignty
  • Detection results are logged with full audit trail for compliance verification

Data Controller Responsibility

When you deploy Piler Enterprise, you are the Data Controller responsible for compliance with GDPR. Piler Enterprise provides the tools to help you fulfill your obligations:

  • Right to Access: Fast full-text search enables quick retrieval of data subject information
  • Right to Erasure: Delete feature allows removal of specific messages containing personal data
  • Right to Data Portability: Export emails in standard formats (EML, MBOX, PST)
  • Right to Rectification: Audit logs track all modifications for transparency

For Service Providers: If you provide email archiving services to clients, you act as a Data Processor. Piler Enterprise supports Data Processing Agreements (DPAs) with appropriate technical and organizational measures.

Usage Data Collection for Billing

For license compliance and billing purposes, Piler Enterprise transmits aggregated usage statistics to our billing servers. This collection is GDPR-compliant:

  • Aggregated Data Only: Only domain-level statistics (domain names, user counts, email counts) are transmitted
  • No Email Content: Email content, subjects, senders, recipients, and message-level data are NEVER transmitted
  • Encrypted Transmission: All data is transmitted via TLS/HTTPS to billing1.mailpiler.com and billing2.mailpiler.com
  • Data Minimization: Only the minimum necessary data for billing purposes is collected

Legal Basis: Data collection is necessary for contract performance (license compliance) under GDPR Article 6(1)(b). See the EULA Section 11 for complete details.

Note: To comply with GDPR, there may be further technical and organizational security measures that the user and/or their service provider needs to perform in a specific workflow organization, in addition to the corresponding use and configuration of Piler Enterprise.

Ready to Ensure GDPR Compliance?

Learn how Piler Enterprise can help your organization meet GDPR requirements

Start Free Trial Contact Us