Get 2X More Replies Without Sending More Emails -> 𝗟𝗲𝗮𝗿𝗻 𝗠𝗼𝗿𝗲

Technical & Organizational Terms

Effective: October 01, 2018
Updated: June 21, 2019

We take the security of your data very seriously at HCG Partners GmbH. We aim to be as clear and open as we can about the way we handle security.

If you have additional questions regarding security, we are happy to answer them. Please write to and we will respond as quickly as we can.


We place strict controls over our employees’ access to the data our users make available via the services, as more specifically defined in our Terms and Conditions & Privacy with covering the use of the services. We are committed to ensuring that Customer Data is not seen by anyone who should not have access to it. The operation of the services requires that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem with the services, we may need to access Customer Data. A limited number of developers have access to production data to monitor, diagnose and debug problems. We have technical controls to ensure that any access to Customer Data is logged.

Our list of subcontractors is as follows:

Stripe (for credit card processing)

Helpscout (for support communication)

Heroku (for serving you with web pages and storing data): DPA

Amazon Web Services (for storing data): AWS Security website, AWS Compliance website

Google Analytics (to track usage of our application): Google Security website, and Google Compliance website.

Crisp (for support communication on QuickMail Next): Compliance website.

Hatchbuck for marketing communications

We’ll communicate with those services you already use (depending on the inbox you give us access to: G Suite, Microsoft Outlook or other email systems)

When an add-on is explicitly activated in the account, we will subcontract the company/product who provides such service (e.g. BriteVerify for email verification or for CRM integration).

Security Features for Team Members & Administrators

In addition to the work we do at the infrastructure level, we provide Account Administrators (as determined by permissions in the application) the ability to prevent support from accessing their data, and dispose automatically of old data in their accounts (data retention policy).

Access Logging

Detailed access logs are available both to users and administrators. We log every time an account signs in, or perform an action on our system.

Team Administrators and owners can review consolidated access logs for their whole team (on a per demand basis to support). We also allow administrators to remove team members’ permissions with immediate effects.

Single Sign-On

We rely on 4 single-sign-on providers: Google, Outlook, Facebook and LinkedIn. Two-factor Authentication can be activated for some of them. We will communicate with those services to authenticate access.

We don’t provide another way of signing in to the system.

Data Retention

Owners of accounts can configure custom prospect retention policies on a team-wide basis. Setting a custom duration for retention means that prospects who have not been modified for a certain amount of time (specified in days by the team administrator(s)) will get deleted automatically (we also provide the ability to prevent re-adding of those prospects who were deleted). Deletion happens on a nightly basis.

Deletion of Customer Data & Return of Customer Data

Please read our privacy policy for more information on this.

Data Encryption In Transit and At Rest

All communication between server and clients are encrypted using SSL communication.

We further encrypt all database fields that can be a source of an exploit if stolen (such as SMTP passwords or sending tokens from using Gmail or Outlook)


Our infrastructure relies on our hosts (Heroku & AWS) to provide fault-tolerant systems. New releases may temporarily prevent users from accessing data.

Disaster Recovery

Customer Data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allows recovery from a major disaster. Customer Data is automatically backed up nightly. Backups are regularly fully tested to confirm that our processes and tools work as expected.

Host Management

Users who can modify production data have screen lockouts and full disk encryption.


We maintain an extensive, centralized logging environment in our production environment, which contains information pertaining to security, monitoring, availability, access, and other metrics about the services.

Incident Management & Response

In the event of a security breach, will promptly notify affected users of any unauthorized access to your Customer Data. has incident management policies and procedures in place to handle such an event.

Product Security Practices

New features, functionality, and design changes go through a security review process prior to being released in production.