Templafy Email Signature Server Templafy Hosted - Functional FAQ

ESS architecture is the same for both offerings, with the main difference in the infrastructure location. For Templafy-Hosted it will be in Templafy environment as shown below:

Templafy Email Signature Server processes the emails in memory. The email message contents are not persisted to any tables, logs, or storage devices at any time during or after processing.

Metadata related to the processing of emails are stored in the Tables of the Azure storage account. The metadata is used for troubleshooting purposes. The email addresses logged to these Tables are in redacted form e.g., ab***z@domain.com.

Any data that may exist in the memory for the docker container Email Signature Server process is not persisted by any means or in any way by the Email Signature Server software.

As with all our solutions, Templafy has security and privacy by design and by default. The Templafy Email Signature Server only processes the emails in memory, and the processing time is 2-5 seconds. This ensures no changes on the code can occur and that memory slots cannot be watched with the intention to access the emails.

Templafy process the usual data types to populate the email signature. This is configurable by the customer and usually amounts to employee name, work email, work phone number, job title and department. Templafy does not store personally-identifiable information (PII) in the logs.

Every client tenant is isolated and has its dedicated Kubernetes resources as well as a logically separated storage.

Access to customer data is restricted to authorized users, which is a limited group of trusted and senior engineers. Access is controlled by Templafy's Information Security team, headed by the CISO. Templafy's access to data is governed in the Data Processing Agreement. Any exceptions must be approved by the customer. Access is managed through Microsoft Entra ID with MFA and dedicated admin accounts. Access is reviewed quarterly for all privileged accounts across all subscription by the InfoSec team and immediate action is taken for access that is no longer required.