Rock-solid, enterprise-grade security to help corporate comms teams tell their story.
PR storytelling needs speed. It also needs trust. Presspage is a SaaS platform built to help corporate communications teams publish, manage, and share their stories securely.
Our security controls have been implemented alongside the ISO 27001 standard, giving customers a clear foundation for how we protect data, access, infrastructure, and availability.
Below is a quick overview of the measures we have in place. If you prefer to go directly to our procurement guide, simply click the button below.
Certifications
ISO 27001:2022
GDPR compliant
Yes
Uptime
99.99% uptime see status page for info
Hosting location
AWS Frankfurt, Germany (primary) and Dublin, Ireland (secondary)
Datacenter certifications
Visit the AWS Compliance page and the ISO certification page
Backups
Point-in-time every 5 minutes, full backup every 24 hours
Backup location
Physically separate AWS location in the European Union
Authentication
Strong password with mandatory MFA, or Single Sign On
Authorization
Role-based access control
Data encryption
TLS 1.2 and 1.3 in transit, AES-256 at rest
DNS security
DNSSEC supported, plus SPF and DKIM for Presspage Mail
IPv6 support
Yes
Trust is not something we ask customers to take on faith. As a software provider, protecting customer data and information is a core responsibility for Presspage.
That is why we work with strict policies, regular risk assessments, and an information security management system designed to protect the confidentiality, integrity, and availability of data.
Presspage has attained ISO 27001:2022 certification, issued by DEKRA Seal, an independent certification body. This certification verifies that Presspage's ISMS (Information Security Management System) complies with international standards for protecting data and data processing.
DEKRA Seal audited the development, integration, maintenance, sales, and technical support of our software and services. Being awarded ISO 27001:2022 certification means, among other things, that we have measures in place to help make sure information is not available to unauthorized people or entities, that information is accurate and complete, and that it is accessible and usable by authorized people when they need it.
Customers need to know what data is processed, why it is processed, and how it is protected. Presspage explains this in our Privacy Statement and, where required, signs a Data Processing Agreement (DPA) with customers.
As a processor of personal data uploaded to the Presspage platform, we also take the security of that data seriously. The DPA sets out the relevant responsibilities and obligations under the General Data Protection Regulation.
Our Privacy Statement explains how Presspage processes your personal data, why we collect it, the legal grounds for processing it, how long we keep it, who we share it with, and how it is protected.
It also explains your rights as a data subject, how we use cookies, and how you can contact us.
Here you can find answers to some of our most frequently asked questions about GDPR and Data Processing.
The GDPR stands for the General Data Protection Regulation. It came into force on May 25, 2018 and replaced the Data Protection Directive 95/46/EC.
It gives EU citizens more control over their personal data and sets rules for how personal data may be processed. Organizations must make sure personal data is collected legally, handled under strict conditions, protected against misuse, and managed in a way that respects the rights of data subjects.
The GDPR applies to organizations operating within the EU, organizations processing data within the EU, and organizations processing personal data belonging to people from the EU. Since Presspage stores all customer data, including personal data, in Germany, the GDPR applies to your relationship with Presspage, even if your organization is not located in the EU.
There are two parts to this answer.
First, Presspage processes personal data needed to execute the agreement between you and Presspage. This includes personal information of your users, so they can create an account within our platform. Presspage is responsible for the way this data is processed and for doing so in line with the GDPR. More detail is available in our Privacy Statement.
Second, Presspage processes personal data that you upload to the platform. For this data, Presspage acts as the processor and you act as the controller, using the terminology of the GDPR. The controller remains responsible for deciding the purposes and means of processing the personal data.
The GDPR requires a data processing agreement when there is a controller-processor relationship. For this reason, we cannot give you a pre-made text to add to your privacy policy. As the controller, you decide how the data is used, how long it is retained, which specific data is collected, and similar details. As the processor, Presspage provides the tools that allow you to control this data.
All data stored in or uploaded to the Presspage platform by you is processed by Presspage on your behalf. When that data is personal data, it falls within the scope of the GDPR.
In that relationship, Presspage is the processor and you are the controller. Whenever this relationship exists, the GDPR requires both parties to sign a Data Processing Agreement (DPA), which sets out the obligations for processing that data.
In principle, articles and editorial content are not considered personal data. But if an article contains information that can identify a data subject, such as contact information, an email address, or a phone number, that information is personal data and a DPA is required.
The same applies when the Contact Information module is used. This module involves uploading personal information, which Presspage processes in the platform on your behalf. Because personal data can be processed easily in day-to-day newsroom activity, we require a DPA to be signed.
Yes. With Presspage Mail, personal information is processed by Presspage on your behalf. This includes contact details uploaded in this section. Because personal data is being processed, a DPA needs to be signed.
Visitors to your newsroom should be informed about widgets and how they work. Some third parties place cookies themselves so visitors can share newsroom content on social media networks.
Visitors should be given the opportunity to decline these cookies. If they decline them, the related functionality may not work, or may not work as expected. Any data collected through these cookies is stored according to the privacy policies of the relevant third parties.
Presspage includes this information in our cookie notification. Please see the article about cookies for more information. It remains your responsibility to notify visitors about these third-party cookies.
Presspage is bound by the provisions of the GDPR.
Among other things, the GDPR includes provisions for actions to be taken in the case of a personal data breach and minimum requirements for securing and protecting personal data. In practice, this means we must notify you without undue delay about any data breaches and take all reasonable measures to prevent or limit any further violation of the GDPR. It also means we must maintain a level of security that is appropriate to the risk and compliant with GDPR requirements.
Presspage has adopted the following security measures:
No. Unsubscribing is not the same as exercising the right to be forgotten.
When a contact unsubscribes, they are opting out of receiving emails from your organization. That does not mean their personal data is automatically deleted.
A deletion request under the GDPR, also known as a right to be forgotten request, is different. It means a contact is asking for all their personal data to be permanently erased.
To help make sure unsubscribed contacts are not accidentally re-added and emailed again, the platform saves their data together with their unsubscribe status. This approach is compliant with the GDPR under the legal basis of legitimate interest, specifically the interest of avoiding unwanted communication and ensuring compliance with opt-out requests.
If a contact wants to be fully removed, they must formally request deletion through the customer, meaning the data controller. This is considered a different type of request under the GDPR.
Presspage provides several safeguards to make sure contacts who have opted out are not emailed again:
To remove unsubscribed contacts, use the filter box to filter by Status > Unsubscribed. Select the unsubscribed contacts and click Delete. This removes the contacts from the platform.
As the data processor, Presspage makes sure technical safeguards are in place to enforce opt-out preferences.
As the data controller, it is the customer’s responsibility to decide:
| Name | Purpose | Data processed | Data location |
|---|---|---|---|
| Agility PR | Media Database | Name, email address | Canada |
| Amazon (AWS) | Hosting | All data uploaded by users | Germany, Ireland |
| Atlassian (Jira) | Internal ticketing system | Name, data required to resolve reported issues | Germany, Ireland |
| Chargebee | Payment processor | Name, email address, billing information | United States |
| Contentsquare (Hotjar) | Usage analytics | IP address, location data | Ireland |
| Google (Workspace) | Email, calendar, documents | Name, email address, data transmitted by users in email or document | Europe |
| Mailgun | Presspage Mail | Name, email address, contents of email campaigns | Germany |
| OpenAI (ChatGPT) | AI functionality | Data the user inputs in AI features | United States |
| Productboard | Feedback collection | Name, email address | United States |
| Twilio (Sendgrid) | Transactional mails | Name, email address | United States |
| Userpilot | Product engagement tool | Name, email address | France |
| Zendesk | Ticketing system | Name, email address, data included in support requests | Germany |
The European Accessibility Act (EAA), which came into effect on June 28, 2025, requires certain digital services, including websites, to meet accessibility standards such as WCAG 2.1 Level AA.
Presspage includes accessibility-friendly features such as semantic HTML for navigation, keyboard accessibility, and automated alt text for images. But accessibility also depends on how content is managed and customized within each newsroom.
As a newsroom owner, you remain responsible for making sure elements such as video captions, accessible hyperlinks, and clear content structure align with regulatory requirements.
Here is a brief overview of what Presspage does, and what you can do, to help make sure no one gets left behind:
Use semantic HTML, such as header, footer, nav, and article tags, for site navigation
Make the newsroom keyboard-only accessible, so users can tab through the page
Ensure that this tab order is logical and makes sense
Add focus indicators
Provide skip to main content links for screen readers
Ensure that pages have consistent navigation in header and footer
Provide a sitemap as an extra navigation option
Provide a breadcrumb module to help users navigate the site
Automatically add alt text to uploaded images
Add labels to form inputs created with the form module
Use role="presentation" where appropriate for table elements
Use valid and well-formed HTML
Provide specific, meaningful error messaging for interactive modules
Use ARIA appropriately to enhance accessibility when HTML is not sufficient
Add captions to videos. YouTube supports captioning, and our video module supports VTT captioning files
Provide an alternative for video with audio, such as a transcript
Make sure video and audio elements are not set to autoplay
Do not use moving content, such as videos or GIFs, that flashes more than 3 times per second
Use meaningful anchor text for hyperlinks
Use meaningful titles and subheadings
Use meaningful labels and button text for forms
Add alt text for inline images or images linked from another location
If you use charts, provide a legend that explains the colours used
Provide text alternatives for non-text content, such as infographics
Write content that is easy for most people to understand and avoid unnecessary jargon
If jargon or technical terms must be used, provide a glossary or briefly explain the word
Work with our development team to create a newsroom template that adheres to accessibility standards for contrast ratio
Presspage takes accessibility seriously and is always open to suggestions on how to improve the accessibility of our newsrooms. That may mean updating our platform as a whole or making newsroom-specific changes to a customer template.
Our platform is designed to be compatible with the WCAG 2.2 (AA) standard, supporting a more inclusive experience for all users.
✓ Security & compliance docs
For faster IT review.
✓ Procurement & legal resources
For smoother approvals.
✓ Implementation details
For clearer setup planning.
