Applying and updating mail management configuration

This article briefly explains regulatory (GDPR) data storage guidelines and our mail configuration usage.

Understanding the regulations around data storage

The General Data Protection Regulation (GDPR) is a set of data protection regulations intended to protect the privacy and personal information of individuals. Compliance with GDPR is not just a legal requirement but also a commitment for any software provider to protect their users' data and privacy.

The European Union (EU) General Data Protection Regulation (GDPR) sets out detailed compliance requirements for companies and organizations on collecting, storing, and managing personal data. These regulations apply to European organizations that process the personal data of individuals in the EU, and to organizations outside the EU that target EU residents. These storage regulations also apply to email data, so we need to ensure that you are able to manage your data in accordance with the regulations.

Ensuring compliance with data storage regulations

Please make sure that the mail configuration for your application complies with GDPR. While building your application, you can use the demonstration (demo) setting, which is configured to the Betty Blocks domain*. This way, test emails sent while building your application comply with EU storage regulations.

* The Betty Blocks domain communicates via Flowmailer - a 3rd party provider that is GDPR-compliant and ISO 27001 certified.

We have collected some tips to help you set up a GDPR-compliant email configuration:

  • Data encryption: To safeguard data while it travels between the Betty Blocks platform and users' devices, all communications are secured using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. These encryption methods establish secure connections, preventing eavesdropping and tampering during data transmission.

  • Data minimization: Only collect and process data necessary for the purpose of the email.

  • Retention policies: Implement email retention policies to comply with data storage limitations.

Once you are ready to move your application to production to make it available to end users, you need to reconfigure the mail settings to either SMTP (where available within your organization) or to a 3rd party provider such as Mandrill or Flowmailer. Contact either your local IT department or your 3rd party provider for configuration details.

Note: If you have a Netherlands-based business, read through this article.

What has changed?

Demo settings are applied as the default for applications created after 26/10/2021. You can update existing applications to ensure compliance with EU data regulations. Where SMTP is already configured for your applications, these settings are maintained in the Mail configuration form.

Recommendation: Please check or change settings as appropriate for your application/organization in the Mail form tab. How to work with this form is described below.

Applying mail settings

Mails from your applications can either be sent as mails from Betty Blocks or be sent using your own SMTP server.

Betty Blocks emails will only be Invite user mails or Forgot password mails, and they will only be sent after you have triggered them. Always be careful when opening mails from domains you don't trust.

To send emails using your own mail provider, use the SMTP action step in your application. For more info about the SMTP step, look at our SMTP step article.

Applying additional security

Please check whether you need to apply additional security, such as Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), to your mail configuration. Contact your 3rd party provider or in-house IT networking team for details.

Note: The SMTP settings override platform-sent error mails. All error emails will be sent from the SMTP server once the mail configuration has been completed.