Here you will find a collection of our legal documents and information on our data processing.
As part of our Information Security Management System, our solutions and all aspects related to the delivery of them – from all technical and organisational measures to the entire value chain – are reviewed annually by external, independent IT auditors based on the ISAE 3402 and ISAE 3000 audit standards.
Enreach Outbound – ISAE 3402 report 2025
Enreach Flows – ISAE 3402 report 2025
Enreach Outbound – ISAE 3000 report 2025
Enreach Flows – ISAE 3000 report 2025
Our services are co-located across Danish data centres, AWS in Ireland and Germany and Azure in Netherlands.
Physical servers are hosted in our racks in data centres in Denmark, and virtual servers are hosted in the AWS data centres in Germany, and Dublin and Azure in Netherlands.
Production data is hosted in EU-based data centres only, and no data ever leaves the European Union.
The overall architecture and security setup is illustrated below.
The infrastructure of Outbound.
The infrastructure of Flows.
Include, but are not limited to:
All data protected behind multiple firewalls
Databases not available via the public internet, only via VPN
All data transfer takes place over HTTPS only
Fail2ban is in place in front of publicly exposed services
All network traffic is monitored, logged and analyzed in real-time, alerting relevant personnel if abnormal patterns are detected
Users authenticate using instance name, username and password
IP restrictions can be applied, meaning that logins will only be authenticated when they originate from a list of IP addresses specified by you
Multi-Factor Authentication can be applied to all Enreach Campaigns users
Enreach Outbound offers the following compliance features:
Easily specifying an interval for auto-deletion of your data stored in our platform
Leads can be black-listed to avoid future contact
Logs of all interactions with businesses or private individuals are easily searchable and accessible from the frontend
All actions within our platform – including data exports – are logged.
Please find a link to our standard DPA, here.
When using Enreach Outbound (provided by Enreach Campaigns A/S) and our Flows and Payments features, the sub-data processors listed below provide you with our services securely.
Global Connect A/S, company no. 26759722, address: Hørskætten 3, 2630 Taastrup, Denmark
Digital Reality Danmark, company no. 25147022, address: Industriparken 20, 2750 Ballerup, Denmark
AWS (Amazon Web Services), services within the Dublin and Frankfurt locations, i.e. AWS region = EU (Ireland) and AWS region = EU (Frankfurt).
As a company this is:
Amazon Web Services, Inc.
410 Terry Avenue North
Seattle, WA 98109
United States
State file # 4152954
Following Enreach Campaigns' choice of EU (Ireland) and EU (Frankfurt) as the regions for all AWS services, Enreach Campaigns data within AWS is only located in Ireland and Germany, and is neither replicated nor transferred to other AWS regions.
In addition, the following sub-data processor applies for Flows:
Microsoft Azure, services within EU
Evert van de Beekstraat 354
1118 CZ Luchthaven Schiphol
Noord-Holland
Netherlands
In addition, the following sub-data processor applies for Payments:
MobilePeople Solutions A/S, company no. 25379225, address: Symfonivej 34, 2730 Herlev, Denmark