Trust Center

Start your security review

View & download sensitive information

Ask for information

Trust Center

Data protection regulations in general are designed to protect the personal data of individuals and impose obligations on organizations that collect, process, and store such personal data. These obligations apply to both our customers and Mimecast. We take our obligations under these data protection regulations (such as GDPR, CCPA, POPIA and PIPEDA) governing the services we provide seriously.

We are always reviewing our products and services and making enhancements to help support our customers’ data privacy compliance journey. We also commit ourselves to data protection through our Data Processing Addendum which is available to our customers.

Scroll down this page for information cards including:

Certification and Attestation reports (security packs)
Data Processing Addendum
AI Development Pledge
Processing details
Technical and Organizational Measures
Sub-processors
Accessibility Statement
Privacy Statement

We're here to help. Contacts us at: certificationqueries@mimecast.com.

Compliance

Cyber Essentials Plus

Documents

Featured Documents

COMPLIANCEISO 14001:2015

COMPLIANCEISO 22301:2019

COMPLIANCEISO/IEC 27001:2022

COMPLIANCEISO/IEC 27701:2019

COMPLIANCEISO/IEC 42001:2023

COMPLIANCESOC 2 Type 2

Certification and Attestation

Global - Common to All Regions

Securing Your Data

North America

Access Control

Overview

Remote Access

Identification and Authorisation

Privacy (Compliance)

Overview

Authority to Process

Consent and Privacy Notice

Resilience

Overview

Planning, Policy and Procedures

Alternate Storage

Information Security Packs

Global

Australia

Canada

AI Development

Mimecast’s Pledge

Customer Data Usage in AI/ML Model Development

AI/ML Model Development Process

Legal

Data Processing Addendum/Datenverarbeitungsvertrag/Addendum relatif au traitement des données

Mimecast Intercompany Agreement

DPA FAQs

Data Privacy

Data Privacy Statement

Data Subject Access Request

Preference Center

Cross Border Transfers

Our Commitment

Data Privacy Framework Statement

Australia

Commercial Sub-Processors

Overview

Affiliate Sub-Processors

Core Sub-Processors

Advanced Email Security

Data Processing Details

Technical and Organizational Measures

Sub-Processors

Brand Exploit Protection

Data Processing Details

Technical and Organizational Measures

Sub-Processors

Collaboration Threat Protection

Data Processing Details

Technical and Organizational Measures

Sub-Processors

DMARC Analyzer

Data Processing Details

Technical and Organizational Measures

Sub-Processors

Cloud Archive

Data Processing Details

Technical and Organization Measures

Sub-Processors

Aware Governance & Compliance

Data Processing Details

Technical and Organizational Measures

Sub-Processors

Engage Security Awareness

Data Processing Details

Technical and Organizational Measures

Sub-Processors

Incydr Data Protection

Data Processing Details

Technical and Organizational Measures

Sub-Processors

Accessibility Statement

Our Approach

Our Commitment

Our Products Accessibility

Mimecast Climate Disclosure

Climate Strategy, Environmental Stewardship and Regulatory Alignment

Compliance and Reporting

Climate Impact – Transition and Physical Risks

Trust Center Updates

Mimecast Update on MongoBleed (CVE-2025-14847).

Copy link

Vulnerabilities

In response to the recent MongoBleed vulnerability (CVE-2025-14847), we are making the following statement:

• Our investigation to date has not identified any software impacted by CVE-2025-14847 (MongoBleed).
• There have not been any remediation steps taken as Mimecast’s investigation has not identified any vulnerable software within our environment. However, Mimecast’s continuous monitoring and security tools have detections for indicators of compromise associated with CVE-2025-14847 and we continue to monitor the situation.